Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SysWOW64 virus / Virus scans take 20+ hours to complete


  • This topic is locked This topic is locked
66 replies to this topic

#1 Codered

Codered

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 15 December 2013 - 04:38 PM

I am trying to remove all viruses on a family members computer. I have a feeling that the entire SysWOW64 folder is a virus. When I do a Full virus scan with either Malwarebytes or Microsoft Security Essentials, the path shown as the current location being scanned is C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\... and the scan stays in that folder for well over 20 hours.

 

I cannot enter that file location, either manually or forcefully with cmd. I get stuck at the systemprofile layer. I get an error message telling me that I do not have permission to enter that folder. I am on an Admin account.

 

you may refer to this post for possible information about this topic http://www.bleepingcomputer.com/forums/t/516838/virusmalware-scan-stuck-in-temp-internet-folder-for-10-hours/

 

Steps I have already taken

 

Installed and Ran a scan with spyhunter 4, this scan took 40 hours and scanned over 8million files. There was a detection of 900+ threats, but all were either adware or cookies. I took no action against them, as Quietman7 instructed me to uninstall spyhunter due to the program being untrustworthy.

 

I have used Malwarebytes and MSE to run quick and full scans. The quick scans take 3-5 minutes and dont find any viruses. The Full scans do pick up some trojans and they are located within the SysWOW64 folder. I have deleted them.

 

I followed Quietman7's suggestions for disk cleanup. I used TFC, but the program freezes up after a few seconds. I also used CCleaner, to analyze and delete the default selections.

 

I downloaded DDS, but I cannot run it due to an error. "The version of this file is not compatible with the version of Windows you're running. Check your computers systems information to see whether you need an x86 or x64 version of the program and then contact the software publisher"

 

The OS is Windows 7 64 bit.

 

Thank you for you time.



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 10,883 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:12 AM

Posted 20 December 2013 - 04:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517570 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Codered

Codered
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 21 December 2013 - 11:58 AM

Update to this issue

 

I was able to get past the error I was having with DDS. However, after the scan completes, the program closes and there are no logs created. I did have the dds.txt and attach.txt options checked.

 

The OS is WIndows 7 64bit

The only disks I have for this pc is the WIndows 7 home premium 32/64bit OS installation CDs.

 

I have not made any changes to the system since making this topic on 12/15/13. The computer was turned off until today.



#4 oneof4

oneof4

  • Malware Response Team
  • 3,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:11:12 PM

Posted 26 December 2013 - 08:35 PM

Hello Codered, and  :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then clicking on Follow this topic you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe
or http://screen317.changelog.fr/SecurityCheck.exe
.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note
: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Best Regards,
oneof4.


#5 Codered

Codered
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 27 December 2013 - 04:06 PM

Hi Oneof4, thank you for taking the time to help me out.

 

I have downloaded both of the tools you asked me to. I am currently running the Security Check. It has been running for about an hour now and the message on the command prompt has not changed. It says "Performing System Health Check".

 

Should I go ahead on to the next step and run the Fubar Recovery tool while the Security check is running? or wait for the security check to finish?



#6 oneof4

oneof4

  • Malware Response Team
  • 3,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:11:12 PM

Posted 27 December 2013 - 04:26 PM

See if you can abort the Security Check scan, then run FRST.  If FRST will not run in "Normal" mode, try "Safe" mode.


Best Regards,
oneof4.


#7 Codered

Codered
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 27 December 2013 - 04:49 PM

The Security Check did complete, without aborting. However, the checkup.txt opened and was completely blank. No text in the document anywhere.  Here is the logs for the FRST.txt. The ADDITION.txt will be in the following post.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01
Ran by Mike & Rhi (administrator) on MICHAEL-PC on 27-12-2013 15:43:55
Running from C:\Users\Mike & Rhi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Mike & Rhi\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corp.) C:\Windows\System32\Defrag.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [217256 2011-07-29] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-09-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ROC_ROC_NT] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Mike & Rhi\AppData\Local\{299b7700-369c-71d5-6b51-31d0db243fee}\n. ATTENTION! ====> ZeroAccess?

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDA0B1135C1C7CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110210191222561&tb_oid=10-02-2011&tb_mrud=10-02-2011
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110210191222561&tb_oid=10-02-2011&tb_mrud=10-02-2011
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=108907&mntrId=2ccab167000000000000001cc0eec7df
SearchScopes: HKCU - {B07994D2-FF0A-4D46-8E40-FDA8D7824F98} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=3B7D653C-E574-4B07-9A42-D808D59ABFD9&apn_sauid=165A7F9F-5DD5-4877-A718-8758E2B01396
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Mike & Rhi\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Shop to Win - {F9E44926-2497-46F3-8A25-928136AC079E} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll (Shop To Win, LLC)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 216.144.187.199 216.144.187.101 204.186.110.76

FireFox:
========
FF ProfilePath: C:\Users\Mike & Rhi\AppData\Roaming\Mozilla\Firefox\Profiles\sq87c2c3.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Mike & Rhi\AppData\Roaming\Mozilla\Firefox\Profiles\sq87c2c3.default\searchplugins\askcom.xml
FF Extension: Adblock Plus - C:\Users\Mike & Rhi\AppData\Roaming\Mozilla\Firefox\Profiles\sq87c2c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Skype Extension) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0
CHR Extension: (Yontoo) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0
CHR Extension: (Gmail) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\MIKE&R~1\AppData\Local\Temp\YontooLayers.crx

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1164288 2009-04-14] (C-Media Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 15:43 - 2013-12-27 15:44 - 00015894 _____ C:\Users\Mike & Rhi\Downloads\FRST.txt
2013-12-27 15:42 - 2013-12-27 15:42 - 01930746 _____ (Farbar) C:\Users\Mike & Rhi\Downloads\FRST64.exe
2013-12-27 15:42 - 2013-12-27 15:42 - 00000000 ____D C:\FRST
2013-12-27 15:37 - 2013-12-27 15:37 - 00891200 _____ C:\Users\Mike & Rhi\Downloads\SecurityCheck.exe
2013-12-22 03:02 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-22 03:02 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-22 03:02 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-22 03:02 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-22 03:02 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-22 03:02 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-22 03:02 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-22 03:02 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-22 03:02 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-22 03:02 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-22 03:02 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-22 03:02 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-22 03:02 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-22 03:02 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-22 03:02 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-22 03:02 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-22 03:02 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-22 03:02 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-22 03:02 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-22 03:02 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-22 03:02 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-22 03:02 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-22 03:02 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-22 03:02 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-22 03:02 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-22 03:02 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-22 03:02 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-22 03:02 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-22 03:02 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-22 03:02 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-22 03:02 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-21 11:41 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-21 11:41 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-21 11:41 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-12-21 11:41 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-21 11:41 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-12-21 11:41 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00688992 ____R (Swearware) C:\Users\Mike & Rhi\Downloads\dds(1).com
2013-12-21 11:33 - 2013-12-22 03:20 - 00000112 _____ C:\Windows\setupact.log
2013-12-21 11:33 - 2013-12-21 11:33 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 14:56 - 2013-12-15 14:56 - 00000347 _____ C:\Users\Mike & Rhi\Downloads\dds.com
2013-12-15 01:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-15 01:02 - 2013-12-15 01:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-15 01:02 - 2013-12-15 01:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-15 01:02 - 2013-12-15 01:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-15 01:02 - 2013-12-15 01:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-15 01:02 - 2013-12-15 01:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-15 01:02 - 2013-12-15 01:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-15 01:02 - 2013-12-15 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-14 23:29 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 23:29 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 23:29 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 23:29 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-14 20:13 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-14 20:13 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-14 20:13 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-14 20:13 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-14 20:13 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-14 20:13 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-14 20:13 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-14 20:13 - 2012-06-02 09:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-14 19:50 - 2013-12-14 19:58 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 11:36 - 2013-02-15 01:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-12-14 11:36 - 2013-02-15 01:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-14 11:36 - 2013-02-15 01:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-12-14 11:36 - 2013-02-14 23:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-12-14 11:36 - 2013-02-14 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-12-14 11:36 - 2013-02-14 22:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-12-14 11:36 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-12-14 11:36 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-12-14 11:36 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-12-14 11:36 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-12-14 11:34 - 2013-12-14 11:34 - 00002117 _____ C:\Users\Mike & Rhi\Desktop\Microsoft Security Essentials.lnk
2013-12-14 11:27 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 11:27 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 11:27 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-14 11:27 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-12-14 11:21 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-14 11:21 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-12-14 11:21 - 2013-02-27 01:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-12-14 11:21 - 2013-02-27 00:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-12-14 11:20 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 11:20 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-14 11:20 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-14 11:20 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-14 11:20 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-14 11:20 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-12-14 11:20 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-12-14 11:20 - 2013-04-12 09:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-14 11:20 - 2013-03-19 00:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-14 11:20 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-12-14 11:19 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 11:19 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 11:19 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 11:19 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 11:18 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-14 11:18 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-14 11:18 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-14 11:18 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 11:18 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-14 11:18 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-14 11:18 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-14 11:18 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 11:18 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-14 11:18 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-14 11:18 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-14 11:18 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-14 11:18 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-14 11:18 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-14 11:18 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-14 11:18 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-14 11:18 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-14 11:18 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-14 11:18 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-14 11:18 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-14 11:18 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-14 11:18 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-14 11:18 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-12-14 11:18 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-14 11:18 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-12-14 11:18 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-12-14 11:18 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-12-14 11:18 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-14 11:18 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-12-14 11:18 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-12-14 11:18 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-12-14 11:18 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-14 11:18 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-12-14 11:18 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-12-14 11:17 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-14 11:17 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-14 11:17 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-12-14 11:17 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-12-14 11:17 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-14 11:17 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-12-14 11:17 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-14 11:17 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-12-14 11:17 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-14 11:17 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-14 11:17 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-12-14 11:17 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-12-14 11:17 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-14 11:17 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-14 11:17 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-14 11:17 - 2013-04-25 18:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-14 11:17 - 2013-03-31 17:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-14 11:17 - 2013-02-11 23:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-14 11:17 - 2012-11-28 17:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-14 11:17 - 2012-11-28 17:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-12-14 11:17 - 2012-11-28 17:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-12-14 11:17 - 2012-11-01 00:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-14 11:17 - 2012-11-01 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-12-14 11:17 - 2012-10-31 23:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-12-14 11:17 - 2012-10-31 23:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-12-14 11:17 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-12-14 11:17 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-12-14 11:17 - 2012-10-03 11:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-12-14 11:17 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-12-14 11:17 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-12-14 11:17 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-12-14 11:17 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-12-14 11:17 - 2012-01-13 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-12-14 11:16 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-14 11:16 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-14 11:16 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-14 11:16 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-14 11:16 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-14 11:16 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-14 11:16 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-14 11:16 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-12-14 11:16 - 2012-11-22 00:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-12-14 11:16 - 2012-11-21 23:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-12-14 11:16 - 2012-11-02 00:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-12-14 11:16 - 2012-11-02 00:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-12-14 11:16 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-12-14 11:15 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-14 11:15 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-14 11:15 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-14 11:15 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-12-14 11:15 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-14 11:15 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-12-14 11:15 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-12-14 11:15 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-12-14 11:14 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-14 11:14 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-14 11:14 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-14 11:14 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-14 11:14 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-14 11:14 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-14 11:14 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-14 11:14 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-14 11:14 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-14 11:14 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-14 11:14 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-14 11:14 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-14 11:14 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-14 11:14 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-14 11:14 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-12-14 11:14 - 2012-11-30 00:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-12-14 11:14 - 2012-11-30 00:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-12-14 11:14 - 2012-11-30 00:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-12-14 11:14 - 2012-11-29 18:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-12-14 11:14 - 2012-11-29 18:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-12-14 11:14 - 2012-08-10 19:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-14 11:14 - 2012-08-10 18:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-12-14 11:13 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-14 11:13 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-14 11:13 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-14 11:13 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-14 11:13 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-12-14 11:13 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-12-14 11:13 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-14 11:13 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-12-14 11:13 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-14 11:13 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-12-14 11:13 - 2012-11-22 22:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-12-14 11:13 - 2012-09-25 17:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-12-14 11:13 - 2012-09-25 17:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-12-14 11:12 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-14 11:12 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-14 11:12 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-14 11:12 - 2013-01-03 01:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-12-14 11:12 - 2012-08-22 13:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-12-14 11:12 - 2012-07-04 17:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-14 11:12 - 2012-07-04 17:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-12-14 11:12 - 2012-07-04 17:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-12-14 11:12 - 2012-07-04 16:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-12-14 11:12 - 2012-07-04 16:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-12-14 11:12 - 2012-05-05 03:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-12-14 11:12 - 2012-05-05 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-12-14 11:11 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-14 11:11 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-14 11:11 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-12-14 11:11 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-12-14 11:10 - 2013-12-14 11:10 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 11:10 - 2013-12-14 11:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 11:10 - 2013-12-14 11:10 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 11:10 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 11:10 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 11:10 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-14 11:10 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-14 11:10 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-14 11:10 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 11:10 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-14 11:10 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 11:10 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-14 11:10 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 11:10 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 11:10 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 11:10 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 11:10 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-14 11:10 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-12-14 11:10 - 2012-05-14 00:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-14 11:10 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-14 10:56 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-08 11:13 - 2013-12-08 11:13 - 00000000 ____D C:\Windows\pss
2013-12-08 10:54 - 2013-12-08 10:54 - 00000000 ____D C:\1c6d5c5c614f110a22a35b09d9
2013-12-08 02:00 - 2013-12-08 02:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-08 02:00 - 2013-12-08 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-08 01:52 - 2013-12-08 01:52 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Local\Avg2013
2013-12-06 15:02 - 2013-12-06 15:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-06 14:54 - 2013-12-06 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-06 13:34 - 2013-12-06 13:34 - 00000000 ____D C:\ProgramData\Oracle
2013-12-06 13:22 - 2013-12-06 13:21 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-06 13:22 - 2013-12-06 13:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-06 13:22 - 2013-12-06 13:21 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-06 13:22 - 2013-12-06 13:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-06 13:18 - 2013-12-06 13:18 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-06 13:13 - 2013-12-06 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-06 13:13 - 2013-12-06 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 13:03 - 2013-12-06 13:03 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-06 13:02 - 2013-12-06 13:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-06 13:02 - 2013-12-06 13:03 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 13:02 - 2013-12-06 13:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-06 13:02 - 2013-12-06 13:02 - 00000000 ____D C:\Program Files\iPod
2013-12-06 12:49 - 2013-12-06 12:49 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-06 12:49 - 2013-12-06 12:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-06 12:47 - 2013-12-06 12:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\Malwarebytes
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-06 12:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2013-12-27 15:44 - 2013-12-27 15:43 - 00015894 _____ C:\Users\Mike & Rhi\Downloads\FRST.txt
2013-12-27 15:42 - 2013-12-27 15:42 - 01930746 _____ (Farbar) C:\Users\Mike & Rhi\Downloads\FRST64.exe
2013-12-27 15:42 - 2013-12-27 15:42 - 00000000 ____D C:\FRST
2013-12-27 15:38 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 15:37 - 2013-12-27 15:37 - 00891200 _____ C:\Users\Mike & Rhi\Downloads\SecurityCheck.exe
2013-12-27 15:37 - 2011-02-08 16:40 - 01186959 _____ C:\Windows\WindowsUpdate.log
2013-12-27 15:16 - 2012-07-07 14:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 14:52 - 2012-01-20 18:30 - 00000334 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-12-27 14:51 - 2011-02-08 18:04 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 12:51 - 2011-02-08 18:04 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 03:25 - 2009-07-13 23:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 03:25 - 2009-07-13 23:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 03:20 - 2013-12-21 11:33 - 00000112 _____ C:\Windows\setupact.log
2013-12-22 03:20 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 14:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-21 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-12-21 14:05 - 2012-09-06 08:47 - 00000000 ____D C:\ProgramData\Real
2013-12-21 12:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-21 11:39 - 2011-02-08 18:00 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\HpUpdate
2013-12-21 11:38 - 2013-12-21 11:38 - 00688992 ____R (Swearware) C:\Users\Mike & Rhi\Downloads\dds(1).com
2013-12-21 11:33 - 2013-12-21 11:33 - 00000000 _____ C:\Windows\setuperr.log
2013-12-21 11:33 - 2011-02-08 13:50 - 00000000 ____D C:\Users\Mike & Rhi
2013-12-15 14:56 - 2013-12-15 14:56 - 00000347 _____ C:\Users\Mike & Rhi\Downloads\dds.com
2013-12-15 14:54 - 2012-01-21 14:07 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\Qwiklinx
2013-12-15 14:42 - 2011-02-08 16:36 - 00000000 ____D C:\Windows\Panther
2013-12-15 01:44 - 2011-02-08 13:57 - 00064536 _____ C:\Users\Mike & Rhi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-15 01:43 - 2011-02-08 13:50 - 00001417 _____ C:\Users\Mike & Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-15 01:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-15 01:02 - 2013-12-15 01:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-15 01:02 - 2013-12-15 01:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-15 01:02 - 2013-12-15 01:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-15 01:02 - 2013-12-15 01:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-15 01:02 - 2013-12-15 01:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-15 01:02 - 2013-12-15 01:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-15 01:02 - 2013-12-15 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-15 00:55 - 2011-02-08 13:50 - 00000000 ___RD C:\Users\Mike & Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-15 00:55 - 2011-02-08 13:50 - 00000000 ___RD C:\Users\Mike & Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-15 00:55 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-15 00:52 - 2009-07-13 23:45 - 00294920 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-15 00:49 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-15 00:49 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-15 00:49 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-15 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-12-15 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-12-15 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-12-15 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-14 21:39 - 2013-12-14 21:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-14 19:58 - 2013-12-14 19:50 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 12:17 - 2012-07-07 14:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 12:17 - 2012-07-07 14:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 12:17 - 2011-07-03 15:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 12:01 - 2011-02-08 18:07 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-12-14 11:34 - 2013-12-14 11:34 - 00002117 _____ C:\Users\Mike & Rhi\Desktop\Microsoft Security Essentials.lnk
2013-12-14 11:24 - 2012-01-21 14:06 - 00000000 ____D C:\ProgramData\Anti-phishing Domain Advisor
2013-12-14 11:14 - 2011-07-16 09:35 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\Skype
2013-12-14 11:10 - 2013-12-14 11:10 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 11:10 - 2013-12-14 11:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 11:10 - 2013-12-14 11:10 - 00000000 ____D C:\Program Files\CCleaner
2013-12-08 11:13 - 2013-12-08 11:13 - 00000000 ____D C:\Windows\pss
2013-12-08 10:54 - 2013-12-08 10:54 - 00000000 ____D C:\1c6d5c5c614f110a22a35b09d9
2013-12-08 10:53 - 2011-10-22 15:02 - 00001945 _____ C:\Windows\epplauncher.mif
2013-12-08 02:34 - 2012-01-11 03:54 - 00000000 __SHD C:\Users\Mike & Rhi\AppData\Local\{299b7700-369c-71d5-6b51-31d0db243fee}
2013-12-08 02:01 - 2013-12-08 02:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-08 02:00 - 2013-12-08 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-08 01:58 - 2012-09-28 19:56 - 00000000 ____D C:\ProgramData\MFAData
2013-12-08 01:52 - 2013-12-08 01:52 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Local\Avg2013
2013-12-08 01:51 - 2012-09-06 08:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-06 15:02 - 2013-12-06 15:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-06 14:59 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-06 14:59 - 2012-09-06 08:58 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Local\Mozilla
2013-12-06 14:48 - 2012-09-28 20:00 - 00000000 ____D C:\ProgramData\AVG2013
2013-12-06 14:42 - 2011-07-16 09:35 - 00000000 ____D C:\ProgramData\Skype
2013-12-06 13:34 - 2013-12-06 13:34 - 00000000 ____D C:\ProgramData\Oracle
2013-12-06 13:21 - 2013-12-06 13:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-06 13:21 - 2013-12-06 13:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-06 13:21 - 2013-12-06 13:22 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-06 13:21 - 2013-12-06 13:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-06 13:21 - 2011-04-15 08:57 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-06 13:18 - 2013-12-06 13:18 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-06 13:18 - 2011-02-08 18:05 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Local\Adobe
2013-12-06 13:17 - 2011-02-08 18:05 - 00000000 ____D C:\ProgramData\Adobe
2013-12-06 13:17 - 2011-02-08 18:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-06 13:13 - 2013-12-06 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-06 13:13 - 2013-12-06 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 13:03 - 2013-12-06 13:03 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-06 13:03 - 2013-12-06 13:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-06 13:03 - 2013-12-06 13:02 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 13:03 - 2013-12-06 13:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-06 13:02 - 2013-12-06 13:02 - 00000000 ____D C:\Program Files\iPod
2013-12-06 12:56 - 2011-02-08 18:00 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-06 12:49 - 2013-12-06 12:49 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-06 12:49 - 2013-12-06 12:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-06 12:47 - 2013-12-06 12:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\Malwarebytes
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-06 12:46 - 2011-02-08 18:04 - 00003910 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 12:46 - 2011-02-08 18:04 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-01 14:42 - 2011-02-08 14:25 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess:
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\@
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\00000004.@
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\1afb2d56
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\201d3dde

ZeroAccess:
C:\Users\Mike & Rhi\AppData\Local\{299b7700-369c-71d5-6b51-31d0db243fee}

Files to move or delete:
====================
C:\Users\Mike & Rhi\AppData\Roaming\skype.ini
C:\Users\Mike & Rhi\java.exe
C:\Users\Mike & Rhi\mstsc.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 12:19

==================== End Of Log ============================


Here is the ADDITION.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2013 01
Ran by Mike & Rhi at 2013-12-27 15:44:48
Running from C:\Users\Mike & Rhi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
AIM 7 (x32)
Anti-phishing Domain Advisor (x32 Version: 1.1.0.1)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2013 (Version: 13.0.2677)
AVG 2013 (Version: 13.0.2740)
AVG 2013 (Version: 13.0.2741)
AVG 2013 (Version: 13.0.2742)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 13.0.2890)
AVG 2013 (Version: 2013.0.2904)
B209a-m (x32 Version: 140.0.690.000)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 140.0.212.000)
CCleaner (Version: 4.08)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
Critical Security Update (HKCU)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
Diamond Xtreme Audio
Download Updater (AOL LLC) (x32)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
GPBaseService2 (x32 Version: 140.0.211.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.6972)
HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Product Detection (x32 Version: 10.7.9.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.002.002)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
iCloud (Version: 3.1.0.40)
Intel® Management Engine Interface
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 38 (x32 Version: 6.0.380)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LeapFrog Connect (x32 Version: 3.2.19.13664)
LeapFrog My Pals Plugin (x32 Version: 3.2.19.13664)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 140.0.215.000)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
QuickTransfer (x32 Version: 140.0.98.000)
Qwiklinx (x32 Version: 1.0.0.686)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.6)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Scan (x32 Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
Shop To Win (x32 Version: 1.1.0.0)
Skype Toolbars (x32 Version: 5.5.7896)
Skype™ 5.10 (x32 Version: 5.10.116)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.213.000)
Status (x32 Version: 140.0.212.000)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WebReg (x32 Version: 140.0.212.017)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Yontoo 1.10.02 (Version: 1.10.02) <==== ATTENTION

==================== Restore Points  =========================

26-12-2013 05:00:01 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1DB17663-77F1-48BF-A90B-581557B61968} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08] (Google Inc.)
Task: {1EBC4782-DDC0-4D4F-A162-4BC3F4FFE617} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {21E66ED0-2B39-4C42-BF42-288754947038} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3956978838-2171088214-3426117351-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {4232EACF-5FC5-4F72-AE15-85513727CB27} - System32\Tasks\{21E44387-7B3F-4C05-8538-436364712DF8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {7A81408E-A4BC-4314-A6FE-0794D193EE21} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-01-20] ()
Task: {9F8070D5-952F-49A7-8D5E-324360481F42} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3956978838-2171088214-3426117351-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {9FB6468B-27F5-4327-913A-DE82A59E4E53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08] (Google Inc.)
Task: {D62206C8-F6B8-445C-94D3-13C4174EE4A4} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {DF610433-A162-4BC0-BE58-F12735E9A701} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14] (Adobe Systems Incorporated)
Task: {E91EC325-488B-48F4-864C-3FD509133D5A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC15A295-CD41-49DD-BC91-04025504FD12} - System32\Tasks\{ED8F4CE1-4117-47D9-AB9E-5186AE3C1EC0} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {FD2A5D18-9E77-4353-840C-9F91C163F611} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3956978838-2171088214-3426117351-1001
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-14 09:19 - 2011-09-14 09:19 - 02348544 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
2011-09-14 09:19 - 2011-09-14 09:19 - 08500224 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
2013-12-06 14:54 - 2013-12-06 14:54 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (12/16/2013 03:23:32 AM) (Source: ESENT) (User: )
Description: Windows (3488) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00386.log.


System errors:
=============
Error: (12/27/2013 03:17:29 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/26/2013 03:20:41 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/26/2013 03:20:41 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/25/2013 06:28:59 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/25/2013 03:29:18 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/25/2013 03:23:21 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/24/2013 03:42:06 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/24/2013 03:26:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/23/2013 03:54:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (12/23/2013 03:28:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.165.387.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (12/16/2013 03:23:32 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (12/16/2013 03:23:32 AM) (Source: ESENT)(User: )
Description: Windows3488Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00386.log-1811


==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 5018.75 MB
Available physical RAM: 1569.87 MB
Total Pagefile: 10035.69 MB
Available Pagefile: 8078.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:242.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: EB599BD0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 oneof4

oneof4

  • Malware Response Team
  • 3,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:11:12 PM

Posted 27 December 2013 - 05:43 PM

Hey Codered, :)
 
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
==========
 
Next, please perform the following:
 
First.....

Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe (Hopfully, this will never be necessary) :wink:

Next....

Please download the Revo Uninstaller to your desktop.

Note ---> Scroll down the page and be sure to download the "freeware" version not the "30d fully functional free trial"

  • Double click Revo.exe to install and run.
  • Highlight Yontoo 1.10.02.
  • Choose Uninstall.
  • Are you sure - Yes
  • Mode - Advanced
  • Are you sure - Yes
  • Initial Uninstall (This is the programs built-in uninstaller, wait for it to finish, if it asks you to reboot, choose not to at this point, then proceed by clicking Next).
  • Scanning for leftover Registry entries - After it finishes click Next (This will bring up a list of registry entries related to the uninstalled program).
  • Check the bolded boxes only!!!! <--- Important!! (You may have to expand the list by clicking on the "+" sign, then choosing the bolded entry.)
  • Click Delete
  • Click Yes
  • Scanning for leftover files (Similar to the registry left-over scan, except it will return a list of files / folders associated with the unistalled program). Once it finishes scanning. click Next
  • Click Select All
  • Click Delete
  • Click Yes
  • Click Finish

Reboot your computer, if Revo does not prompt you to do so.
 
==========
 
Along with the Fixlog.txt, update me on how your system is performing after running the fix.

Attached Files


Best Regards,
oneof4.


#9 Codered

Codered
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 27 December 2013 - 06:22 PM

I followed all the steps up until the Revo Uninstaller. I was not able to locate the Yontoo 1.10.02 in the Revo Uninstaller. Even though it does show up in the Add/change/uninstall in the control panel.

 

 

Here is the log for FixLog.txt

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2013 01
Ran by Mike & Rhi at 2013-12-27 18:02:05 Run:1
Running from C:\Users\Mike & Rhi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Mike & Rhi\AppData\Local\{299b7700-369c-71d5-6b51-31d0db243fee}\n. ATTENTION! ====> ZeroAccess?
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110210191222561&tb_oid=10-02-2011&tb_mrud=10-02-2011
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110210191222561&tb_oid=10-02-2011&tb_mrud=10-02-2011
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=108907&mntrId=2ccab167000000000000001cc0eec7df
SearchScopes: HKCU - {B07994D2-FF0A-4D46-8E40-FDA8D7824F98} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=3B7D653C-E574-4B07-9A42-D808D59ABFD9&apn_sauid=165A7F9F-5DD5-4877-A718-8758E2B01396
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Shop to Win - {F9E44926-2497-46F3-8A25-928136AC079E} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll (Shop To Win, LLC)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF SearchEngineOrder.1: Ask.com
FF SearchPlugin: C:\Users\Mike & Rhi\AppData\Roaming\Mozilla\Firefox\Profiles\sq87c2c3.default\searchplugins\askcom.xml
CHR Extension: (Yontoo) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\MIKE&R~1\AppData\Local\Temp\YontooLayers.crx
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\@
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\00000004.@
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\1afb2d56
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\201d3dde
C:\Users\Mike & Rhi\AppData\Local\{299b7700-369c-71d5-6b51-31d0db243fee}
C:\Users\Mike & Rhi\AppData\Roaming\skype.ini
C:\Users\Mike & Rhi\java.exe
C:\Users\Mike & Rhi\mstsc.exe

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} => Key deleted successfully.
HKCR\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B07994D2-FF0A-4D46-8E40-FDA8D7824F98} => Key deleted successfully.
HKCR\CLSID\{B07994D2-FF0A-4D46-8E40-FDA8D7824F98} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E44926-2497-46F3-8A25-928136AC079E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F9E44926-2497-46F3-8A25-928136AC079E} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Mike & Rhi\AppData\Roaming\Mozilla\Firefox\Profiles\sq87c2c3.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc => Key deleted successfully.
"C:\Users\MIKE&R~1\AppData\Local\Temp\YontooLayers.crx" => File/Directory not found.
C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee} => Moved successfully.
"C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\@" => File/Directory not found.
"C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\1afb2d56" => File/Directory not found.
"C:\Windows\Installer\{299b7700-369c-71d5-6b51-31d0db243fee}\L\201d3dde" => File/Directory not found.
C:\Users\Mike & Rhi\AppData\Local\{299b7700-369c-71d5-6b51-31d0db243fee} => Moved successfully.
C:\Users\Mike & Rhi\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Mike & Rhi\java.exe => Moved successfully.
C:\Users\Mike & Rhi\mstsc.exe => Moved successfully.

==== End of Fixlog ====



#10 oneof4

oneof4

  • Malware Response Team
  • 3,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:11:12 PM

Posted 27 December 2013 - 07:37 PM

Try removing Yontoo using the standard Windows uninstaller in Control Panel then.  Afterward, give me an update on the behavior of the computer now.


Best Regards,
oneof4.


#11 Codered

Codered
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 27 December 2013 - 08:27 PM

i uninstalled yontoo. restarted the pc, Now its not booting up properly. kept shutting down after the windows logo. I am currently running the start up repair.



#12 oneof4

oneof4

  • Malware Response Team
  • 3,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:11:12 PM

Posted 27 December 2013 - 09:00 PM

Did it boot ok before removing Yontoo?


Best Regards,
oneof4.


#13 Codered

Codered
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 27 December 2013 - 09:12 PM

before following the steps, yes. The pc did boot properly. The only time I restarted the computer throughout these instructions was after uninstalling yontoo.

 

The startup repair failed. It said it was unable to repair automatically. I cannot boot the pc normally, I am currently loaded into safe mode.



#14 oneof4

oneof4

  • Malware Response Team
  • 3,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:11:12 PM

Posted 27 December 2013 - 09:15 PM

Okay, I don't think Yontoo is at fault...directly.  It is probably a system file or driver that the ZeroAccess infection latched onto.

 

From safe mode, run FRST again and post the log.


Best Regards,
oneof4.


#15 Codered

Codered
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 27 December 2013 - 09:21 PM

here is the log for FRST.txt scan

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01
Ran by Mike & Rhi (administrator) on MICHAEL-PC on 27-12-2013 21:19:18
Running from C:\Users\Mike & Rhi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [217256 2011-07-29] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-09-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ROC_ROC_NT] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDA0B1135C1C7CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Mike & Rhi\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.144.187.199 216.144.187.101 204.186.110.76

FireFox:
========
FF ProfilePath: C:\Users\Mike & Rhi\AppData\Roaming\Mozilla\Firefox\Profiles\sq87c2c3.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Mike & Rhi\AppData\Roaming\Mozilla\Firefox\Profiles\sq87c2c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Skype Extension) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0
CHR Extension: (Gmail) - C:\Users\Mike & Rhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1164288 2009-04-14] (C-Media Inc)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 21:18 - 2013-12-27 21:18 - 01930746 _____ (Farbar) C:\Users\Mike & Rhi\Downloads\FRST64.exe
2013-12-27 20:21 - 2013-12-27 21:02 - 00001384 _____ C:\Windows\PFRO.log
2013-12-27 18:23 - 2013-12-27 18:23 - 00003264 _____ C:\Windows\System32\Tasks\{A6BE0075-73B6-4870-BAED-6615FD2471F0}
2013-12-27 18:15 - 2013-12-27 18:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mike & Rhi\Downloads\revosetup.exe
2013-12-27 18:15 - 2013-12-27 18:15 - 00000753 _____ C:\Users\Mike & Rhi\Desktop\Revo Uninstaller.lnk
2013-12-27 18:13 - 2013-12-27 18:13 - 00003228 _____ C:\Windows\System32\Tasks\{EC79B2E1-32C1-4179-A5F8-C57ECBFEA05C}
2013-12-27 18:09 - 2013-12-27 18:14 - 00000000 ____D C:\Users\Mike & Rhi\Desktop\BUreg
2013-12-27 16:42 - 2013-12-27 16:42 - 00000000 _____ C:\Users\Mike & Rhi\Desktop\checkup.txt
2013-12-27 15:48 - 2013-12-27 15:48 - 00000635 _____ C:\Users\Mike & Rhi\Desktop\Addition.txt.lnk
2013-12-27 15:48 - 2013-12-27 15:48 - 00000611 _____ C:\Users\Mike & Rhi\Desktop\FRST.txt.lnk
2013-12-27 15:44 - 2013-12-27 15:45 - 00022899 _____ C:\Users\Mike & Rhi\Downloads\Addition.txt
2013-12-27 15:43 - 2013-12-27 21:19 - 00000000 _____ C:\Users\Mike & Rhi\Downloads\FRST.txt
2013-12-27 15:42 - 2013-12-27 15:42 - 01930746 _____ (Farbar) C:\Users\Mike & Rhi\Desktop\FRST64.exe
2013-12-27 15:42 - 2013-12-27 15:42 - 00000000 ____D C:\FRST
2013-12-27 15:37 - 2013-12-27 15:37 - 00891200 _____ C:\Users\Mike & Rhi\Downloads\SecurityCheck.exe
2013-12-22 03:02 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-22 03:02 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-22 03:02 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-22 03:02 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-22 03:02 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-22 03:02 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-22 03:02 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-22 03:02 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-22 03:02 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-22 03:02 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-22 03:02 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-22 03:02 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-22 03:02 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-22 03:02 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-22 03:02 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-22 03:02 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-22 03:02 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-22 03:02 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-22 03:02 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-22 03:02 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-22 03:02 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-22 03:02 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-22 03:02 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-22 03:02 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-22 03:02 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-22 03:02 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-22 03:02 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-22 03:02 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-22 03:02 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-22 03:02 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-22 03:02 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-21 11:41 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-21 11:41 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-21 11:41 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-12-21 11:41 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-21 11:41 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-12-21 11:41 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-12-21 11:38 - 2013-12-21 11:38 - 00688992 ____R (Swearware) C:\Users\Mike & Rhi\Downloads\dds(1).com
2013-12-21 11:33 - 2013-12-22 03:20 - 00000112 _____ C:\Windows\setupact.log
2013-12-21 11:33 - 2013-12-21 11:33 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 14:56 - 2013-12-15 14:56 - 00000347 _____ C:\Users\Mike & Rhi\Downloads\dds.com
2013-12-15 01:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-15 01:02 - 2013-12-15 01:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-15 01:02 - 2013-12-15 01:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-15 01:02 - 2013-12-15 01:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-15 01:02 - 2013-12-15 01:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-15 01:02 - 2013-12-15 01:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-15 01:02 - 2013-12-15 01:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-15 01:02 - 2013-12-15 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-14 23:29 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 23:29 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 23:29 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 23:29 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-14 20:13 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-14 20:13 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-14 20:13 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-14 20:13 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-14 20:13 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-14 20:13 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-14 20:13 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-14 20:13 - 2012-06-02 09:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-14 19:50 - 2013-12-14 19:58 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 11:36 - 2013-02-15 01:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-12-14 11:36 - 2013-02-15 01:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-12-14 11:36 - 2013-02-15 01:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-12-14 11:36 - 2013-02-14 23:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-12-14 11:36 - 2013-02-14 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-12-14 11:36 - 2013-02-14 22:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-12-14 11:36 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-12-14 11:36 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-12-14 11:36 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-12-14 11:36 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-12-14 11:34 - 2013-12-14 11:34 - 00002117 _____ C:\Users\Mike & Rhi\Desktop\Microsoft Security Essentials.lnk
2013-12-14 11:27 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 11:27 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 11:27 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-14 11:27 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-12-14 11:21 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-12-14 11:21 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-12-14 11:21 - 2013-02-27 01:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-12-14 11:21 - 2013-02-27 00:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-12-14 11:20 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 11:20 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-14 11:20 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-14 11:20 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-12-14 11:20 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-12-14 11:20 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-12-14 11:20 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-12-14 11:20 - 2013-04-12 09:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-14 11:20 - 2013-03-19 00:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-14 11:20 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-12-14 11:19 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 11:19 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 11:19 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 11:19 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 11:18 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-14 11:18 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-14 11:18 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-14 11:18 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 11:18 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-14 11:18 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-14 11:18 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-14 11:18 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 11:18 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-14 11:18 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-14 11:18 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-14 11:18 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-14 11:18 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-14 11:18 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-14 11:18 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-14 11:18 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-14 11:18 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-14 11:18 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-14 11:18 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-14 11:18 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-14 11:18 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-14 11:18 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-14 11:18 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-12-14 11:18 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-14 11:18 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-12-14 11:18 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-12-14 11:18 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-12-14 11:18 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-14 11:18 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-12-14 11:18 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-12-14 11:18 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-12-14 11:18 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-14 11:18 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-12-14 11:18 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-12-14 11:17 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-12-14 11:17 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-12-14 11:17 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-12-14 11:17 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-12-14 11:17 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-12-14 11:17 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-12-14 11:17 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-12-14 11:17 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-14 11:17 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-12-14 11:17 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-14 11:17 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-14 11:17 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-12-14 11:17 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-12-14 11:17 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-14 11:17 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-14 11:17 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-14 11:17 - 2013-04-25 18:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-14 11:17 - 2013-03-31 17:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-14 11:17 - 2013-02-11 23:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-12-14 11:17 - 2012-11-28 17:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-12-14 11:17 - 2012-11-28 17:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-12-14 11:17 - 2012-11-28 17:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-12-14 11:17 - 2012-11-01 00:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-12-14 11:17 - 2012-11-01 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-12-14 11:17 - 2012-10-31 23:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-12-14 11:17 - 2012-10-31 23:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-12-14 11:17 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-12-14 11:17 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-12-14 11:17 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-12-14 11:17 - 2012-10-03 11:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-12-14 11:17 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-12-14 11:17 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-12-14 11:17 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-12-14 11:17 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-12-14 11:17 - 2012-01-13 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-12-14 11:16 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-14 11:16 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-14 11:16 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-14 11:16 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-14 11:16 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-14 11:16 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-14 11:16 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-14 11:16 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-12-14 11:16 - 2012-11-22 00:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-12-14 11:16 - 2012-11-21 23:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-12-14 11:16 - 2012-11-02 00:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-12-14 11:16 - 2012-11-02 00:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-12-14 11:16 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-12-14 11:15 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-14 11:15 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-14 11:15 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-14 11:15 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-12-14 11:15 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-14 11:15 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-12-14 11:15 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-12-14 11:15 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-12-14 11:15 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-12-14 11:15 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-12-14 11:15 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-12-14 11:14 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-14 11:14 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-14 11:14 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-14 11:14 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-14 11:14 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-14 11:14 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-14 11:14 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-14 11:14 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-14 11:14 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-14 11:14 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-14 11:14 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-14 11:14 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-14 11:14 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-14 11:14 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-14 11:14 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-12-14 11:14 - 2012-11-30 00:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-12-14 11:14 - 2012-11-30 00:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-12-14 11:14 - 2012-11-30 00:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-12-14 11:14 - 2012-11-29 18:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-12-14 11:14 - 2012-11-29 18:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-12-14 11:14 - 2012-08-10 19:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-12-14 11:14 - 2012-08-10 18:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-12-14 11:13 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-14 11:13 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-14 11:13 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-12-14 11:13 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-12-14 11:13 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-12-14 11:13 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-12-14 11:13 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-14 11:13 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-12-14 11:13 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-14 11:13 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-12-14 11:13 - 2012-11-22 22:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-12-14 11:13 - 2012-09-25 17:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-12-14 11:13 - 2012-09-25 17:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-12-14 11:12 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-14 11:12 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-14 11:12 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-14 11:12 - 2013-01-03 01:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-12-14 11:12 - 2012-08-22 13:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-12-14 11:12 - 2012-07-04 17:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-12-14 11:12 - 2012-07-04 17:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-12-14 11:12 - 2012-07-04 17:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-12-14 11:12 - 2012-07-04 16:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-12-14 11:12 - 2012-07-04 16:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-12-14 11:12 - 2012-05-05 03:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-12-14 11:12 - 2012-05-05 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-12-14 11:11 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-12-14 11:11 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-12-14 11:11 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-12-14 11:11 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-12-14 11:10 - 2013-12-14 11:10 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 11:10 - 2013-12-14 11:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 11:10 - 2013-12-14 11:10 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 11:10 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 11:10 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 11:10 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-14 11:10 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-14 11:10 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-14 11:10 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 11:10 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-14 11:10 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 11:10 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-14 11:10 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 11:10 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 11:10 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 11:10 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 11:10 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-14 11:10 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-12-14 11:10 - 2012-05-14 00:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-12-14 11:10 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-14 10:56 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-08 11:13 - 2013-12-08 11:13 - 00000000 ____D C:\Windows\pss
2013-12-08 10:54 - 2013-12-08 10:54 - 00000000 ____D C:\1c6d5c5c614f110a22a35b09d9
2013-12-08 02:00 - 2013-12-08 02:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-08 02:00 - 2013-12-08 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-08 01:52 - 2013-12-08 01:52 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Local\Avg2013
2013-12-06 15:02 - 2013-12-06 15:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-06 14:54 - 2013-12-06 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-06 13:34 - 2013-12-06 13:34 - 00000000 ____D C:\ProgramData\Oracle
2013-12-06 13:22 - 2013-12-06 13:21 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-06 13:22 - 2013-12-06 13:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-06 13:22 - 2013-12-06 13:21 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-06 13:22 - 2013-12-06 13:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-06 13:18 - 2013-12-06 13:18 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-06 13:13 - 2013-12-06 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-06 13:13 - 2013-12-06 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 13:03 - 2013-12-06 13:03 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-06 13:02 - 2013-12-06 13:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-06 13:02 - 2013-12-06 13:03 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 13:02 - 2013-12-06 13:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-06 13:02 - 2013-12-06 13:02 - 00000000 ____D C:\Program Files\iPod
2013-12-06 12:49 - 2013-12-06 12:49 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-06 12:49 - 2013-12-06 12:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-06 12:47 - 2013-12-06 12:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\Malwarebytes
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-06 12:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2013-12-27 21:19 - 2013-12-27 15:43 - 00000000 _____ C:\Users\Mike & Rhi\Downloads\FRST.txt
2013-12-27 21:18 - 2013-12-27 21:18 - 01930746 _____ (Farbar) C:\Users\Mike & Rhi\Downloads\FRST64.exe
2013-12-27 21:18 - 2011-02-08 16:40 - 01196845 _____ C:\Windows\WindowsUpdate.log
2013-12-27 21:12 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 21:02 - 2013-12-27 20:21 - 00001384 _____ C:\Windows\PFRO.log
2013-12-27 20:16 - 2012-07-07 14:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 19:52 - 2012-01-20 18:30 - 00000334 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-12-27 19:51 - 2011-02-08 18:04 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 18:23 - 2013-12-27 18:23 - 00003264 _____ C:\Windows\System32\Tasks\{A6BE0075-73B6-4870-BAED-6615FD2471F0}
2013-12-27 18:15 - 2013-12-27 18:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mike & Rhi\Downloads\revosetup.exe
2013-12-27 18:15 - 2013-12-27 18:15 - 00000753 _____ C:\Users\Mike & Rhi\Desktop\Revo Uninstaller.lnk
2013-12-27 18:14 - 2013-12-27 18:09 - 00000000 ____D C:\Users\Mike & Rhi\Desktop\BUreg
2013-12-27 18:13 - 2013-12-27 18:13 - 00003228 _____ C:\Windows\System32\Tasks\{EC79B2E1-32C1-4179-A5F8-C57ECBFEA05C}
2013-12-27 18:02 - 2011-02-08 13:50 - 00000000 ____D C:\Users\Mike & Rhi
2013-12-27 16:42 - 2013-12-27 16:42 - 00000000 _____ C:\Users\Mike & Rhi\Desktop\checkup.txt
2013-12-27 15:48 - 2013-12-27 15:48 - 00000635 _____ C:\Users\Mike & Rhi\Desktop\Addition.txt.lnk
2013-12-27 15:48 - 2013-12-27 15:48 - 00000611 _____ C:\Users\Mike & Rhi\Desktop\FRST.txt.lnk
2013-12-27 15:45 - 2013-12-27 15:44 - 00022899 _____ C:\Users\Mike & Rhi\Downloads\Addition.txt
2013-12-27 15:42 - 2013-12-27 15:42 - 01930746 _____ (Farbar) C:\Users\Mike & Rhi\Desktop\FRST64.exe
2013-12-27 15:42 - 2013-12-27 15:42 - 00000000 ____D C:\FRST
2013-12-27 15:37 - 2013-12-27 15:37 - 00891200 _____ C:\Users\Mike & Rhi\Downloads\SecurityCheck.exe
2013-12-27 12:51 - 2011-02-08 18:04 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 03:25 - 2009-07-13 23:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 03:25 - 2009-07-13 23:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 03:20 - 2013-12-21 11:33 - 00000112 _____ C:\Windows\setupact.log
2013-12-22 03:20 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 14:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-21 14:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-12-21 14:05 - 2012-09-06 08:47 - 00000000 ____D C:\ProgramData\Real
2013-12-21 12:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-21 11:39 - 2011-02-08 18:00 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\HpUpdate
2013-12-21 11:38 - 2013-12-21 11:38 - 00688992 ____R (Swearware) C:\Users\Mike & Rhi\Downloads\dds(1).com
2013-12-21 11:33 - 2013-12-21 11:33 - 00000000 _____ C:\Windows\setuperr.log
2013-12-15 14:56 - 2013-12-15 14:56 - 00000347 _____ C:\Users\Mike & Rhi\Downloads\dds.com
2013-12-15 14:54 - 2012-01-21 14:07 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\Qwiklinx
2013-12-15 14:42 - 2011-02-08 16:36 - 00000000 ____D C:\Windows\Panther
2013-12-15 01:44 - 2011-02-08 13:57 - 00064536 _____ C:\Users\Mike & Rhi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-15 01:43 - 2011-02-08 13:50 - 00001417 _____ C:\Users\Mike & Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-15 01:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-15 01:02 - 2013-12-15 01:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-15 01:02 - 2013-12-15 01:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-15 01:02 - 2013-12-15 01:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-15 01:02 - 2013-12-15 01:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-15 01:02 - 2013-12-15 01:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-15 01:02 - 2013-12-15 01:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-15 01:02 - 2013-12-15 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-15 01:02 - 2013-12-15 01:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-15 01:02 - 2013-12-15 01:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-15 00:55 - 2011-02-08 13:50 - 00000000 ___RD C:\Users\Mike & Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-15 00:55 - 2011-02-08 13:50 - 00000000 ___RD C:\Users\Mike & Rhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-15 00:55 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-15 00:52 - 2009-07-13 23:45 - 00294920 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-15 00:49 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-15 00:49 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-15 00:49 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-15 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-12-15 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-12-15 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-12-15 00:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-12-14 21:39 - 2013-12-14 21:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-14 21:39 - 2013-12-14 21:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-14 19:58 - 2013-12-14 19:50 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 12:17 - 2012-07-07 14:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-14 12:17 - 2012-07-07 14:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 12:17 - 2011-07-03 15:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-14 12:01 - 2011-02-08 18:07 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-12-14 11:34 - 2013-12-14 11:34 - 00002117 _____ C:\Users\Mike & Rhi\Desktop\Microsoft Security Essentials.lnk
2013-12-14 11:24 - 2012-01-21 14:06 - 00000000 ____D C:\ProgramData\Anti-phishing Domain Advisor
2013-12-14 11:14 - 2011-07-16 09:35 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\Skype
2013-12-14 11:10 - 2013-12-14 11:10 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-14 11:10 - 2013-12-14 11:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 11:10 - 2013-12-14 11:10 - 00000000 ____D C:\Program Files\CCleaner
2013-12-08 11:13 - 2013-12-08 11:13 - 00000000 ____D C:\Windows\pss
2013-12-08 10:54 - 2013-12-08 10:54 - 00000000 ____D C:\1c6d5c5c614f110a22a35b09d9
2013-12-08 10:53 - 2011-10-22 15:02 - 00001945 _____ C:\Windows\epplauncher.mif
2013-12-08 02:01 - 2013-12-08 02:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-08 02:00 - 2013-12-08 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-08 01:58 - 2012-09-28 19:56 - 00000000 ____D C:\ProgramData\MFAData
2013-12-08 01:52 - 2013-12-08 01:52 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Local\Avg2013
2013-12-08 01:51 - 2012-09-06 08:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-06 15:02 - 2013-12-06 15:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-06 14:59 - 2013-12-06 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-06 14:59 - 2012-09-06 08:58 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Local\Mozilla
2013-12-06 14:48 - 2012-09-28 20:00 - 00000000 ____D C:\ProgramData\AVG2013
2013-12-06 14:42 - 2011-07-16 09:35 - 00000000 ____D C:\ProgramData\Skype
2013-12-06 13:34 - 2013-12-06 13:34 - 00000000 ____D C:\ProgramData\Oracle
2013-12-06 13:21 - 2013-12-06 13:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-06 13:21 - 2013-12-06 13:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-06 13:21 - 2013-12-06 13:22 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-06 13:21 - 2013-12-06 13:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-06 13:21 - 2011-04-15 08:57 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-06 13:18 - 2013-12-06 13:18 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-06 13:18 - 2011-02-08 18:05 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Local\Adobe
2013-12-06 13:17 - 2011-02-08 18:05 - 00000000 ____D C:\ProgramData\Adobe
2013-12-06 13:17 - 2011-02-08 18:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-06 13:13 - 2013-12-06 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-06 13:13 - 2013-12-06 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 13:03 - 2013-12-06 13:03 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-06 13:03 - 2013-12-06 13:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-06 13:03 - 2013-12-06 13:02 - 00000000 ____D C:\Program Files\iTunes
2013-12-06 13:03 - 2013-12-06 13:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-06 13:02 - 2013-12-06 13:02 - 00000000 ____D C:\Program Files\iPod
2013-12-06 12:56 - 2011-02-08 18:00 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-12-06 12:49 - 2013-12-06 12:49 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-06 12:49 - 2013-12-06 12:49 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-06 12:47 - 2013-12-06 12:47 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\Users\Mike & Rhi\AppData\Roaming\Malwarebytes
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-06 12:47 - 2013-12-06 12:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-06 12:46 - 2011-02-08 18:04 - 00003910 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 12:46 - 2011-02-08 18:04 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-01 14:42 - 2011-02-08 14:25 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 12:19

==================== End Of Log ============================






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users