Jump to content

Need advice on what to remove, and what to keep.


Recommended Posts

Hi all,

 

My computer just finished it's first full scan, and I'm not sure what to keep and what to delete. I tried this on my old laptop, and I most likely fried the harddrive by deleting something that I shouldn't have.

 

This computer has been running at ~98% CPU for the last week or so. After checking Task Manager over the last 5 days, it looks like the main causes are "WMI Provider Host" (using around 30-40% non-stop), and something called "Compete DCA Monitoring Tool" (using 20-35%). A few of the programs I've been concerned about are Arcade Parlor, Consumer Input (I think it's related to DCA monitoring tool), and the IE/Firefox/Chrome helpers. All of those were flagged by malwarebytes. Here's the log: 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.03.05.11
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Louise :: OWNER [administrator]
 
3/5/2014 2:26:10 PM
3-5-14.txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1000803
Time elapsed: 7 hour(s), 46 minute(s), 7 second(s)
 
Memory Processes Detected: 5
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 11684 -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 19528 -> No action taken.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 13684 -> No action taken.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 16468 -> No action taken.
C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe (PUP.Optional.Consumer.Input.A) -> 10080 -> No action taken.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 53
HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\dcabho.Dca.1 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\dcabho.Dca (PUP.Optional.Consumer.Input.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> No action taken.
HKCR\ConsumerInputUpdate.CoCreateAsync (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.CoCreateAsync.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.CoreClass (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.CoreClass.1 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.CoreMachineClass (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.CoreMachineClass.1 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.CredentialDialogMachine (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.CredentialDialogMachine.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachine (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.OnDemandCOMClassSvc (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.ProcessLauncher (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.ProcessLauncher.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.Update3COMClassService (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.Update3COMClassService.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.Update3WebMachine (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.Update3WebMachine.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.Update3WebMachineFallback (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.Update3WebSvc (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\ConsumerInputUpdate.Update3WebSvc.1.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\consumerinput_update (PUP.Optional.Consumer.Input.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CONSUMERINPUTUPDATE.EXE (PUP.Optional.Consumer.Input.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\consumerinput_updatem (PUP.Optional.Consumer.Input.A) -> No action taken.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> No action taken.
HKCR\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> No action taken.
HKCR\TypeLib\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C} (PUP.Optional.ArcadeParlor.A) -> No action taken.
HKCR\Interface\{96B4DEA0-F89C-475C-8124-B247260B7CB5} (PUP.Optional.ArcadeParlor.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74443DB-5A88-4583-860A-F0D06EF399E3} (PUP.Optional.ArcadeParlor.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\Interface\{15527BF5-9729-49DC-889C-9F956983154C} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\CptUrlPassthru.HttpMonitor.1 (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\CptUrlPassthru.HttpMonitor (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\TypeLib\{294BC5A4-7157-4131-AB81-1DEC393D0F0A} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\Interface\{06306AA5-80A1-4260-A9A3-A8E10F6AA8B7} (PUP.Optional.Consumer.Input.A) -> No action taken.
HKCR\CLSID\{95C8DE84-989C-4235-A5B1-84E8B6A4384A} (PUP.Optional.Consumer.Input.A) -> No action taken.
 
Registry Values Detected: 2
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 21
C:\ProgramData\RHelpers (PUP.Optional.Searchagent) -> No action taken.
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> No action taken.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> No action taken.
C:\Users\Louise\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) -> No action taken.
C:\Users\Louise\AppData\Local\Consumer Input (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Users\Louise\AppData\Local\Consumer Input\CrashReports (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\CrashReports (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Monitoring (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131 (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730} (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98} (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0 (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Install (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Offline (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Offline\{8FC92681-1A56-4C2B-9553-3B5369BEDFC0} (PUP.Optional.Consumer.Input.A) -> No action taken.
 
Files Detected: 57
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Geek Squad Backup\Backup\Louise\AppData\Roaming\Microsoft\Windows Security\Windows Security.exe (Trojan.MSIL) -> No action taken.
C:\Geek Squad Backup\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.
C:\Geek Squad Backup\Program Files (x86)\Inbox Toolbar\Inbox.dll (PUP.Optional.Inbox) -> No action taken.
C:\Geek Squad Backup\Users\Louise\Downloads\l337install.zip (Trojan.FakeFirefox) -> No action taken.
C:\Geek Squad Backup\Users\Louise\Downloads\pzn-nsft.zip (Malware.Packer.Gen) -> No action taken.
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci\5.85.3.27310_0\plugins\4zChromePlugIn.dll (PUP.Optional.Mindspark) -> No action taken.
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci\5.85.3.27310_0\plugins\SearchControl.dll (PUP.Optional.Mindspark) -> No action taken.
C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RR1AZC2K\avg_free.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Windows\Tasks\ArcadeParlor.job (PUP.Optional.ArcadeParlor.A) -> No action taken.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Users\Louise\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) -> No action taken.
C:\Users\Louise\AppData\Local\ArcadeParlor\Arcadeparlor.dll (PUP.Optional.ArcadeParlor.A) -> No action taken.
C:\Users\Louise\AppData\Local\ArcadeParlor\broker.exe (PUP.Optional.ArcadeParlor.A) -> No action taken.
C:\Users\Louise\AppData\Local\ArcadeParlor\removal.exe (PUP.Optional.ArcadeParlor.A) -> No action taken.
C:\Users\Louise\AppData\Local\ArcadeParlor\versioncheck.exe (PUP.Optional.ArcadeParlor.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\CIuninstall.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\CIuninstall.ico (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\cookie-retriever.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\cpturlpassthru.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-host.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\dca.js (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\logger.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\mozjs185-1.0.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.ico (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.log (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Monitoring\cinm-host.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Monitoring\manifest.json (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Monitoring\uninstall.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Monitoring\uninstall.ico (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\ConsumerInputCrashHandler.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\ConsumerInputUpdate.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\ConsumerInputUpdateBroker.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\ConsumerInputUpdateHelper.msi (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\ConsumerInputUpdateOnDemand.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\goopdate.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\goopdateres_de.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\goopdateres_en.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\goopdateres_es-419.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\goopdateres_es.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\goopdateres_fr.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\goopdateres_ja.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\goopdateres_zh-CN.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\psmachine.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\1.3.25.131\psuser.dll (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0\ciie-3.2.0-12007.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0\ciie-3.2.0-12082.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0\MonitoringTool-3.2.1-712.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0\MonitoringTool-3.2.1-820.exe (PUP.Optional.Consumer.Input.A) -> No action taken.
 
(end)
 
I'm sure most of that needs to go, but I don't know if anything needs to stay. I'm about to create a system restore point just in case. Any help will be appreciated.
 
I was also planning on removing the Yahoo! Toolbar, InstallX Search Protect for Yahoo, and stopping the Yahoo! Updater (YahooAUservice).  Yea or Nay?
 
 
Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

All of those entries listed by Malwarebytes are unwanted and should be removed...

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log..

 

Next,

 

The entries you list for removal I would say Yea

 

 

Yahoo! Toolbar, InstallX Search Protect for Yahoo, and stopping the Yahoo! Updater (YahooAUservice)

 

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin...

Link to post
Share on other sites

Quick Scan finished. Looks good to me. The CPU was only using around 50% while running MBAM:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.06.07
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Louise :: OWNER [administrator]
 
3/6/2014 11:44:16 AM
mbam-log-2014-03-06 (11-44-16).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Heuristics/Extra | P2P
Objects scanned: 31490
Time elapsed: 6 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
Farbar is finished. CPU was also around 50% while running this.
 
I want to apologize ahead of time if there is any Piracy-related files/programs left on my system. My 10 year old son was using some program to download games off of the internet. That's what caused my last computer to crash. I took it to Geek Squad and they said that they would remove what they could while transferring my files. I tried to find anything before running the scan, but I'm not sure what I need to look for. If there's anything that is considered Piracy, please let me know and I will remove it ASAP.
 
--It said my post was too long. .txt Logs will be in my next post.
 

Additional - Farbar Recovery.txt

Link to post
Share on other sites

Here is the FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Louise (administrator) on OWNER on 06-03-2014 12:00:15
Running from C:\Users\Louise\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {9F4E6FDF-1157-42EC-B710-5E77EA6DEB11} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKLM - {9F4E6FDF-1157-42EC-B710-5E77EA6DEB11} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9F4E6FDF-1157-42EC-B710-5E77EA6DEB11} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKLM-x32 - {9F4E6FDF-1157-42EC-B710-5E77EA6DEB11} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {19A13FC3-C088-42F6-8D99-B82A9A2BC7CD} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {19A13FC3-C088-42F6-8D99-B82A9A2BC7CD} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9F4E6FDF-1157-42EC-B710-5E77EA6DEB11} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140208,19890,0,25,0
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
Chrome: 
=======
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=0CF2870C-1744-4101-A3C0-910381126B4F&n=780b86bc&ind=2014021308&p2=^HJ^xdm636^S08332^us&si=314029
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-10]
CHR Extension: (Google Drive) - C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-10]
CHR Extension: (YouTube) - C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-10]
CHR Extension: (Google Search) - C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-10]
CHR Extension: (VideoDownloadConverter) - C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci [2014-02-13]
CHR Extension: (Norton Identity Protection) - C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-10]
CHR Extension: (Google Wallet) - C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-10]
CHR Extension: (Gmail) - C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-10]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-07] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-07] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140304.002\IDSvia64.sys [524504 2014-03-05] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140306.003\ENG64.SYS [126040 2014-02-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140306.003\EX64.SYS [2099288 2014-02-24] (Symantec Corporation)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows ® Codename Longhorn DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-02-07] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-06 12:00 - 2014-03-06 12:00 - 00010567 _____ () C:\Users\Louise\Downloads\FRST.txt
2014-03-06 11:59 - 2014-03-06 12:00 - 00000000 ____D () C:\FRST
2014-03-06 11:57 - 2014-03-06 11:57 - 02156544 _____ (Farbar) C:\Users\Louise\Downloads\FRST64.exe
2014-03-06 11:32 - 2014-03-06 11:32 - 00007661 _____ () C:\Users\Louise\AppData\Local\Resmon.ResmonCfg
2014-03-05 14:25 - 2014-03-05 14:25 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Malwarebytes
2014-03-05 14:24 - 2014-03-05 14:24 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-05 14:24 - 2014-03-05 14:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 14:24 - 2014-03-05 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 14:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 14:23 - 2014-03-05 14:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Louise\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Itibiti
2014-03-02 22:42 - 2014-03-02 22:42 - 00001332 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-03-02 22:42 - 2014-03-02 22:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Myths of the World - Spirit Wolf Collectors Edition
2014-03-02 22:42 - 2014-03-02 22:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Eipix
2014-03-02 22:42 - 2014-03-02 22:42 - 00000000 ____D () C:\Program Files (x86)\Myths of the World - Spirit Wolf Collectors Edition
2014-02-28 21:57 - 2014-02-28 21:57 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-28 21:53 - 2014-02-28 21:53 - 00000000 ____D () C:\ProgramData\SearchDonkey
2014-02-27 21:27 - 2014-02-27 21:27 - 00000000 ____D () C:\ProgramData\Elephant Games
2014-02-27 21:25 - 2014-02-27 21:26 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - The Legacy
2014-02-27 21:25 - 2014-02-27 21:25 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - The Legacy
2014-02-27 21:15 - 2014-02-27 21:15 - 00236648 _____ (Big Fish Games) C:\Users\Louise\Downloads\grim-tales-the-legacy_s1_l1_gF7003T1L1_d2262816596.exe
2014-02-27 18:52 - 2014-02-27 18:52 - 00017567 _____ () C:\Users\Louise\Documents\Kansas Counties - Alphabetical List.htm
2014-02-27 18:52 - 2014-02-27 18:52 - 00000000 ____D () C:\Users\Louise\Documents\Kansas Counties - Alphabetical List_files
2014-02-27 16:20 - 2014-02-27 16:28 - 00000000 ____D () C:\Users\Louise\Documents\18 WoS American Long Haul
2014-02-26 23:55 - 2014-03-04 13:32 - 00002350 ____N () C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2014-02-26 20:41 - 2014-02-26 23:51 - 00000000 ___RD () C:\Users\Louise\Desktop\Games
2014-02-26 20:09 - 2014-02-26 20:09 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\GameCards
2014-02-25 21:55 - 2014-02-25 21:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-25 21:55 - 2014-02-25 21:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-25 21:53 - 2014-02-25 21:53 - 13079688 _____ (Microsoft Corporation) C:\Users\Louise\Downloads\Silverlight_x64.exe
2014-02-25 19:02 - 2014-02-25 19:02 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Alawar
2014-02-25 18:12 - 2014-02-25 18:13 - 00000000 ____D () C:\Program Files (x86)\Midnight Castle
2014-02-25 18:12 - 2014-02-25 18:12 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Midnight Castle
2014-02-25 17:00 - 2014-03-04 16:18 - 00000000 ____D () C:\Users\Louise\Documents\TurboTax
2014-02-25 16:57 - 2014-02-25 16:57 - 00000000 ____D () C:\Users\Louise\AppData\Local\IsolatedStorage
2014-02-25 16:48 - 2014-03-04 13:38 - 00000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-25 16:48 - 2014-02-25 16:48 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Intuit
2014-02-25 16:45 - 2014-02-25 16:45 - 00002531 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-25 16:41 - 2014-02-25 16:44 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-25 16:41 - 2014-02-25 16:41 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-02-25 16:40 - 2014-02-25 16:40 - 94408040 _____ () C:\Users\Louise\Desktop\wturbotax1040habamz20130900101.exe
2014-02-24 17:40 - 2014-02-24 17:40 - 514724831 _____ () C:\Windows\MEMORY.DMP
2014-02-24 17:40 - 2014-02-24 17:40 - 00279784 _____ () C:\Windows\Minidump\022414-18049-01.dmp
2014-02-24 17:40 - 2014-02-24 17:40 - 00000000 ____D () C:\Windows\Minidump
2014-02-22 23:42 - 2014-02-22 23:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\ERS Game Studios
2014-02-22 15:00 - 2014-02-27 21:27 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Elephant Games
2014-02-22 14:59 - 2014-02-22 14:59 - 00002145 _____ () C:\Users\Public\Desktop\Play Found - A Hidden Object Adventure.lnk
2014-02-22 14:58 - 2014-02-22 14:59 - 00000000 ____D () C:\Program Files (x86)\Found - A Hidden Object Adventure
2014-02-22 14:58 - 2014-02-22 14:58 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Found - A Hidden Object Adventure
2014-02-22 14:57 - 2014-02-22 14:57 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Behind the Reflection
2014-02-22 14:57 - 2014-02-22 14:57 - 00000000 ____D () C:\Program Files (x86)\Behind the Reflection
2014-02-22 14:52 - 2014-02-22 14:57 - 00000000 ____D () C:\Program Files (x86)\Maestro - Music of Death Collector's Edition
2014-02-22 14:52 - 2014-02-22 14:52 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maestro - Music of Death Collector's Edition
2014-02-22 14:37 - 2014-02-22 14:37 - 00000970 _____ () C:\Users\Public\Desktop\Games.lnk
2014-02-22 14:33 - 2014-02-22 14:59 - 00000000 ____D () C:\ProgramData\Big Fish
2014-02-22 14:33 - 2014-02-22 14:36 - 00000000 ____D () C:\Users\Louise\AppData\Local\Big Fish
2014-02-22 14:33 - 2014-02-22 14:36 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2014-02-22 14:32 - 2014-02-28 00:17 - 00000000 ____D () C:\BigFishCache
2014-02-22 14:15 - 2014-03-04 13:32 - 00001980 _____ () C:\WildTangent Games App - gateway.lnk
2014-02-19 11:26 - 2014-02-19 11:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-19 11:24 - 2014-02-19 11:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-02-18 11:41 - 2014-03-02 22:00 - 00000000 ____D () C:\Users\Louise\AppData\Local\CrashDumps
2014-02-17 18:43 - 2014-02-17 18:43 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\SpinTop Games
2014-02-17 18:07 - 2014-02-17 18:07 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Compete
2014-02-17 17:58 - 2014-03-06 12:02 - 00000374 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-4057796617-2634750475-3372775748-1001.job
2014-02-17 17:58 - 2014-02-19 17:04 - 00003268 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-4057796617-2634750475-3372775748-1001
2014-02-17 17:58 - 2014-02-17 17:58 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-02-17 17:58 - 2014-02-17 17:58 - 00000000 ____D () C:\ProgramData\W3i
2014-02-17 17:58 - 2014-02-17 17:58 - 00000000 ____D () C:\Program Files (x86)\W3i
2014-02-17 17:57 - 2014-03-06 11:35 - 00000000 ____D () C:\ProgramData\Updater
2014-02-17 17:57 - 2014-03-06 11:35 - 00000000 ____D () C:\ProgramData\RHelpers
2014-02-17 17:57 - 2014-03-06 11:35 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
2014-02-17 17:57 - 2014-02-17 17:57 - 00001081 _____ () C:\Users\Public\Desktop\KNCTR.lnk
2014-02-17 17:57 - 2014-02-17 17:57 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2014-02-17 17:57 - 2014-02-17 17:57 - 00000000 ____D () C:\Program Files (x86)\mPlayer
2014-02-17 17:57 - 2014-02-17 17:57 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-02-17 17:56 - 2014-03-06 11:53 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-02-17 01:03 - 2014-02-17 01:03 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-17 01:03 - 2014-02-17 01:03 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-17 01:02 - 2014-02-17 01:02 - 00000000 ____D () C:\Users\Louise\AppData\Local\WarThunder
2014-02-17 01:02 - 2014-02-17 01:02 - 00000000 ____D () C:\ProgramData\WarThunder
2014-02-17 01:02 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-02-17 01:02 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-02-17 01:02 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-02-17 01:02 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-02-17 01:02 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-02-17 01:02 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-17 01:02 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-02-17 01:01 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-02-17 01:01 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-02-17 01:01 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-02-17 01:01 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-02-17 01:01 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-02-17 01:01 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-02-17 01:01 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-02-17 01:01 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-02-17 00:36 - 2014-02-17 00:36 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\T1 Games
2014-02-17 00:36 - 2014-02-17 00:36 - 00000000 ____D () C:\ProgramData\T1 Games
2014-02-16 17:58 - 2014-02-16 17:58 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\NevoSoft Games
2014-02-16 00:06 - 2014-03-01 11:01 - 00289192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-15 23:32 - 2014-02-15 23:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Tropico 4 Demo
2014-02-15 19:58 - 2014-02-18 16:23 - 00000000 ____D () C:\Users\Louise\Documents\My Games
2014-02-15 19:58 - 2014-02-18 16:23 - 00000000 ____D () C:\Users\Louise\AppData\Local\My Games
2014-02-15 19:58 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-02-15 19:58 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-02-15 19:58 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-02-15 19:58 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-02-15 19:58 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-02-15 19:58 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-02-15 19:58 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-02-15 19:58 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-02-15 19:58 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-02-15 19:58 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-02-15 19:58 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-02-15 19:58 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-02-15 19:57 - 2014-02-18 16:22 - 00062700 _____ () C:\Windows\DirectX.log
2014-02-15 19:57 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-02-15 19:57 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-02-15 19:57 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-02-15 19:57 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-02-15 19:57 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-02-15 19:57 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-02-15 19:57 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-02-15 19:57 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-02-15 19:57 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-02-15 19:57 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-02-15 19:57 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-02-15 19:57 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-15 19:57 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-02-15 19:57 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-02-15 19:57 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-02-15 19:57 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-02-15 19:57 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-02-15 19:57 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-02-15 19:57 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-02-15 19:57 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-02-15 19:57 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-02-15 19:57 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-02-15 19:57 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-02-15 19:57 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-02-15 19:57 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-02-15 19:57 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-02-15 19:57 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-02-15 19:57 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-02-15 19:57 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-02-15 19:57 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-02-15 19:57 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-02-15 19:57 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-02-15 19:57 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-02-15 19:57 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-02-15 19:57 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-02-15 19:57 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-02-15 19:57 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-02-15 19:57 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-02-15 19:57 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-02-15 19:57 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-02-15 19:57 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-02-15 19:57 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-02-15 19:57 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-02-15 19:57 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-02-15 19:57 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-02-15 19:57 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-02-15 19:57 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-02-15 19:57 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-02-15 19:57 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-02-15 19:57 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-02-15 19:57 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-02-15 19:57 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-02-15 19:57 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-02-15 19:57 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-02-15 19:57 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-02-15 19:57 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-02-15 19:57 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-02-15 19:57 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-02-15 19:57 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-02-15 19:57 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-02-15 19:57 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-02-15 19:57 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-02-15 19:57 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-15 19:57 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-02-15 19:57 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-02-15 19:57 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-02-15 19:57 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-02-15 19:57 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-02-15 19:57 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-02-15 19:57 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-02-15 19:57 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-02-15 19:57 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-02-15 19:57 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-02-15 19:57 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-02-15 19:57 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-02-15 19:57 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-02-15 19:57 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-02-15 19:57 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-02-15 19:57 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-02-15 19:57 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-02-15 19:57 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-02-15 19:57 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-02-15 19:57 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-02-15 19:57 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-02-15 19:57 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-02-15 19:57 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-02-15 19:57 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-02-15 19:57 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-02-15 19:57 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-02-15 19:57 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-02-15 19:57 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-02-15 19:57 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-02-15 19:57 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-02-15 19:57 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-02-15 19:57 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-02-15 19:57 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-02-15 19:57 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-02-15 19:57 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-02-15 19:57 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-02-15 19:57 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-02-15 19:57 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-02-15 19:57 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-02-15 19:57 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-02-15 19:57 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-02-15 19:57 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-02-15 19:57 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-02-15 19:57 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-02-15 19:57 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-02-15 19:57 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-02-15 19:57 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-02-15 19:57 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-15 19:57 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-02-15 19:57 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-02-15 19:57 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-02-15 19:57 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-02-15 19:57 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-15 19:57 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-02-15 19:57 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-02-15 19:57 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-02-15 19:57 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-02-15 19:57 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-02-15 19:57 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-02-15 19:57 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-02-15 19:57 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-02-15 19:57 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-15 19:57 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-15 19:57 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-02-15 19:57 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-02-15 19:57 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-02-15 19:57 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-02-15 19:57 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-02-15 19:57 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-02-15 19:57 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-02-15 19:57 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-02-15 19:57 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-02-15 19:57 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-02-15 19:57 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-02-15 19:57 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-02-15 19:57 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-02-15 19:57 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-02-15 19:57 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-02-15 19:57 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-02-15 19:57 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-02-15 19:57 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-02-15 19:57 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-02-15 19:57 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-02-15 19:32 - 2014-02-18 15:41 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-15 19:06 - 2014-03-04 19:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-15 19:06 - 2014-02-15 19:06 - 00000974 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-13 11:51 - 2014-02-01 01:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 11:51 - 2014-02-01 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 11:51 - 2014-02-01 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 11:51 - 2014-02-01 01:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-13 11:51 - 2014-02-01 01:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 11:51 - 2014-02-01 01:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 11:51 - 2014-01-31 23:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 11:51 - 2014-01-31 23:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 11:51 - 2014-01-31 23:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-13 11:51 - 2014-01-31 23:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 11:51 - 2014-01-31 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 11:51 - 2014-01-31 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 11:51 - 2014-01-31 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-13 11:51 - 2014-01-31 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 11:51 - 2014-01-31 23:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 11:51 - 2014-01-31 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 11:51 - 2014-01-31 23:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 11:51 - 2014-01-31 23:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 11:51 - 2014-01-31 21:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-13 11:51 - 2013-12-08 16:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 11:51 - 2013-12-08 15:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 11:51 - 2013-12-04 15:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 11:51 - 2013-12-04 15:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 11:51 - 2013-11-26 16:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-13 11:51 - 2013-11-25 15:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-13 11:51 - 2013-10-31 21:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-13 11:50 - 2014-02-01 01:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 11:50 - 2014-02-01 01:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 11:50 - 2014-01-31 23:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 11:50 - 2014-01-31 23:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 11:50 - 2014-01-31 23:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 11:50 - 2014-01-31 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-13 11:50 - 2014-01-12 15:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 11:50 - 2014-01-12 15:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 11:50 - 2013-12-04 15:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 11:50 - 2013-12-04 15:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 11:50 - 2013-11-19 16:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 11:50 - 2013-11-19 15:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 17:07 - 2014-02-12 17:07 - 00017122 _____ () C:\Users\Louise\Downloads\SecureMessageAtt (1).html
2014-02-10 13:40 - 2014-02-28 21:54 - 00007135 _____ () C:\Windows\system32\lvcoinst.log
2014-02-10 13:40 - 2014-02-10 13:40 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-02-10 00:01 - 2014-03-06 01:11 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 00:01 - 2014-02-16 17:06 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 00:01 - 2014-02-10 00:01 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-10 00:00 - 2014-03-06 11:35 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 00:00 - 2014-02-16 17:06 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-10 00:00 - 2014-02-10 00:01 - 00000000 ____D () C:\Users\Louise\AppData\Local\Google
2014-02-10 00:00 - 2014-02-10 00:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-10 00:00 - 2014-02-10 00:00 - 00000000 ____D () C:\Users\Louise\AppData\Local\Deployment
2014-02-10 00:00 - 2014-02-10 00:00 - 00000000 ____D () C:\Users\Louise\AppData\Local\Apps\2.0
2014-02-09 19:51 - 2014-02-09 19:51 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\MoonriseInteractive
2014-02-09 18:39 - 2014-02-09 18:39 - 00014853 _____ () C:\Users\Louise\Downloads\SecureMessageAtt.html
2014-02-09 18:25 - 2014-02-09 18:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-02-09 17:59 - 2014-02-09 17:59 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-09 17:58 - 2014-02-09 19:44 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\WildTangent
2014-02-08 21:51 - 2014-02-08 21:51 - 00000000 ____D () C:\BigFishGamesCache
2014-02-08 20:35 - 2013-06-01 03:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-02-08 20:35 - 2013-06-01 03:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-08 20:35 - 2013-06-01 03:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-02-08 20:35 - 2013-06-01 02:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-02-08 20:35 - 2013-06-01 01:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-02-08 20:35 - 2013-06-01 01:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-02-08 20:35 - 2013-06-01 01:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-02-08 20:35 - 2013-06-01 01:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-02-08 20:35 - 2013-06-01 01:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-02-08 20:35 - 2013-06-01 01:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-02-08 20:35 - 2013-06-01 01:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-02-08 20:35 - 2013-06-01 01:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-02-08 20:35 - 2013-06-01 01:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-02-08 20:35 - 2013-06-01 01:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2014-02-08 20:35 - 2013-06-01 01:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-02-08 20:35 - 2013-06-01 01:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-02-08 20:35 - 2013-06-01 01:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-02-08 20:35 - 2013-06-01 01:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-02-08 20:35 - 2013-06-01 01:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-02-08 20:35 - 2013-06-01 01:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-02-08 20:35 - 2013-06-01 01:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-02-08 20:35 - 2013-06-01 01:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2014-02-08 20:35 - 2013-05-31 19:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2014-02-08 20:35 - 2013-05-24 14:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-02-08 20:35 - 2013-05-24 14:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-02-08 20:35 - 2013-05-24 14:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-02-08 20:35 - 2013-05-24 14:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-02-08 20:34 - 2013-10-08 17:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-02-08 20:34 - 2013-10-08 14:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-02-08 20:34 - 2013-10-08 14:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-02-08 20:34 - 2013-10-08 14:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-02-08 20:34 - 2013-10-08 14:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-02-08 20:34 - 2013-10-08 14:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-02-08 20:34 - 2013-10-08 14:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-02-08 20:34 - 2013-10-08 14:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-02-08 20:34 - 2013-10-08 14:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-02-08 20:34 - 2013-10-08 14:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-02-08 20:34 - 2013-10-08 14:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-02-08 20:34 - 2013-10-08 14:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-02-08 20:34 - 2013-10-08 14:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-02-08 20:34 - 2013-10-04 22:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-02-08 20:34 - 2013-10-01 18:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-02-08 20:34 - 2013-09-27 21:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-02-08 20:34 - 2013-09-27 19:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-02-08 20:34 - 2013-09-18 23:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-08 20:34 - 2013-08-29 21:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-02-08 20:34 - 2013-08-29 21:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-02-08 20:34 - 2013-08-29 15:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-02-08 20:34 - 2013-08-29 15:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-02-08 20:34 - 2013-08-09 21:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-02-08 20:34 - 2013-08-09 21:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-02-08 20:34 - 2013-08-09 19:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-02-08 20:34 - 2013-08-02 22:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-02-08 20:34 - 2013-08-02 22:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-02-08 20:34 - 2013-08-02 22:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-02-08 20:34 - 2013-08-02 21:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-02-08 20:34 - 2013-08-02 21:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-02-08 20:34 - 2013-08-02 21:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-02-08 20:34 - 2013-08-01 22:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-08 20:34 - 2013-08-01 22:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-08 20:34 - 2013-08-01 21:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-08 20:34 - 2013-08-01 21:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-02-08 20:34 - 2013-07-24 15:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-02-08 20:34 - 2013-07-24 15:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-02-08 20:34 - 2013-06-16 14:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-08 20:34 - 2013-04-09 15:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-02-08 20:34 - 2013-04-09 14:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-02-08 20:33 - 2013-09-13 14:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-02-08 20:33 - 2013-09-13 14:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-02-08 20:33 - 2013-08-29 21:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-02-08 20:33 - 2013-08-29 21:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-02-08 20:33 - 2013-08-29 15:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-02-08 20:33 - 2013-08-20 22:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-02-08 20:33 - 2013-08-09 22:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2014-02-08 20:33 - 2013-08-09 21:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-02-08 20:33 - 2013-08-09 19:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-02-08 20:33 - 2013-07-24 15:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-08 20:33 - 2013-07-24 15:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll

 

Link to post
Share on other sites

Continued...

 

2014-02-08 20:33 - 2013-07-11 17:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2014-02-08 20:33 - 2013-07-11 17:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-02-08 20:32 - 2013-07-08 22:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-02-08 20:32 - 2013-07-08 14:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-02-08 20:32 - 2013-07-05 16:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-02-08 20:32 - 2013-07-02 16:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-02-08 20:32 - 2013-07-02 16:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-02-08 20:32 - 2013-06-28 21:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-02-08 20:32 - 2013-06-18 14:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-02-08 20:31 - 2013-10-30 21:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-02-08 20:31 - 2013-10-30 21:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-02-08 20:31 - 2013-10-30 20:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-02-08 20:31 - 2013-10-30 19:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-02-08 20:31 - 2013-10-27 21:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-02-08 20:31 - 2013-10-27 20:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-02-08 20:31 - 2013-10-13 12:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-02-08 20:31 - 2013-08-26 21:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-08 20:31 - 2013-08-26 21:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-08 20:31 - 2013-08-26 14:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-02-08 20:31 - 2013-08-26 14:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-02-08 20:31 - 2013-07-09 00:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-02-08 20:31 - 2013-07-08 20:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-02-08 20:31 - 2013-07-08 19:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2014-02-08 20:31 - 2013-07-08 14:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-02-08 20:31 - 2013-07-08 14:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2014-02-08 20:31 - 2013-07-08 14:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2014-02-08 20:31 - 2013-07-02 16:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-02-08 20:31 - 2013-07-02 16:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-02-08 20:31 - 2013-06-30 14:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2014-02-08 20:31 - 2013-06-30 14:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2014-02-08 20:31 - 2013-06-28 22:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-02-08 20:31 - 2013-06-28 22:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-02-08 20:31 - 2013-06-25 19:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-02-08 20:31 - 2013-06-25 18:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-02-08 20:31 - 2013-06-24 14:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-02-08 20:31 - 2013-06-24 14:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-02-08 20:31 - 2013-06-24 14:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-02-08 20:31 - 2013-06-18 21:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-02-08 20:31 - 2013-06-18 21:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-02-08 20:31 - 2013-06-18 14:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-02-08 20:31 - 2013-06-11 15:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-02-08 20:31 - 2013-06-11 15:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-02-08 20:31 - 2013-06-06 00:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-02-08 20:05 - 2014-02-08 20:05 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Macromedia
2014-02-08 20:01 - 2014-02-17 14:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-08 20:01 - 2014-02-17 14:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-08 09:42 - 2014-02-08 09:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-08 09:16 - 2014-02-16 00:07 - 00047104 ___SH () C:\Users\Louise\Desktop\Thumbs.db
2014-02-08 09:16 - 2014-02-08 09:16 - 00000775 _____ () C:\Users\Louise\Desktop\Geek Squad Backup - Shortcut.lnk
2014-02-08 04:12 - 2014-02-08 04:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-08 03:08 - 2014-02-15 18:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-08 03:08 - 2014-02-15 18:33 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-07 20:40 - 2014-02-07 20:40 - 00003320 _____ () C:\{20823002-4DA7-42BB-8094-2FCF7D1C7956}
2014-02-07 17:16 - 2013-01-09 17:53 - 00028904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys
2014-02-07 17:16 - 2013-01-09 17:29 - 00091880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-02-07 17:16 - 2013-01-09 15:26 - 01752064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2014-02-07 17:16 - 2013-01-09 15:26 - 01611776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2014-02-07 17:16 - 2013-01-09 15:26 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2014-02-07 17:16 - 2013-01-09 15:26 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-02-07 17:16 - 2013-01-09 15:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
2014-02-07 17:16 - 2013-01-09 15:23 - 02094592 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2014-02-07 17:16 - 2013-01-09 15:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2014-02-07 17:16 - 2013-01-09 15:23 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2014-02-07 17:16 - 2013-01-09 15:23 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-02-07 17:16 - 2013-01-09 15:23 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-02-07 17:16 - 2013-01-09 15:23 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe
2014-02-07 17:16 - 2013-01-09 15:22 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-02-07 17:16 - 2013-01-09 15:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2014-02-07 17:16 - 2013-01-09 15:22 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-02-07 17:16 - 2013-01-09 15:22 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2014-02-07 17:16 - 2012-11-01 21:19 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2014-02-07 17:16 - 2012-11-01 21:18 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-02-07 17:16 - 2012-11-01 21:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-02-07 17:16 - 2012-11-01 21:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\adhapi.dll
2014-02-07 17:16 - 2012-11-01 21:18 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2014-02-07 17:16 - 2012-11-01 21:18 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2014-02-07 17:15 - 2013-07-05 14:02 - 00121984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-02-07 17:15 - 2013-07-05 14:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-02-07 17:15 - 2013-07-05 14:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-02-07 17:14 - 2013-04-08 21:33 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-02-07 17:14 - 2013-04-08 21:33 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-02-07 17:14 - 2013-04-08 21:33 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-02-07 17:14 - 2013-04-08 21:20 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2014-02-07 17:14 - 2013-04-08 21:18 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2014-02-07 17:14 - 2013-04-08 21:17 - 01829408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-07 17:14 - 2013-04-08 20:52 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-02-07 17:14 - 2013-04-08 20:52 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2014-02-07 17:14 - 2013-04-08 20:52 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-02-07 17:14 - 2013-04-08 20:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-02-07 17:14 - 2013-04-08 20:52 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-02-07 17:14 - 2013-04-08 20:51 - 14267904 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-07 17:14 - 2013-04-08 20:51 - 03552768 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-02-07 17:14 - 2013-04-08 20:51 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2014-02-07 17:14 - 2013-04-08 20:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2014-02-07 17:14 - 2013-04-08 20:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-02-07 17:14 - 2013-04-08 20:50 - 02107904 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-02-07 17:14 - 2013-04-08 20:50 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-02-07 17:14 - 2013-04-08 20:50 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-02-07 17:14 - 2013-04-08 20:49 - 01444864 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2014-02-07 17:14 - 2013-04-08 20:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-02-07 17:14 - 2013-04-08 20:49 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-02-07 17:14 - 2013-04-08 20:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2014-02-07 17:14 - 2013-04-08 20:49 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2014-02-07 17:14 - 2013-04-08 20:49 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2014-02-07 17:14 - 2013-04-08 20:48 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-02-07 17:14 - 2013-04-08 18:33 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-02-07 17:14 - 2013-04-08 18:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-02-07 17:14 - 2013-04-08 18:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-02-07 17:14 - 2013-04-08 15:44 - 00123880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2014-02-07 17:14 - 2013-04-08 15:39 - 01408896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-02-07 17:14 - 2013-04-08 15:37 - 00426024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-02-07 17:14 - 2013-04-08 15:37 - 00324368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-02-07 17:14 - 2013-04-08 13:52 - 11878912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-07 17:14 - 2013-04-08 13:52 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-02-07 17:14 - 2013-04-08 13:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-02-07 17:14 - 2013-04-08 13:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-02-07 17:14 - 2013-04-08 13:51 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-02-07 17:14 - 2013-04-08 13:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-02-07 17:14 - 2013-04-08 13:51 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2014-02-07 17:14 - 2013-04-08 13:51 - 00659456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-02-07 17:14 - 2013-04-08 13:51 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2014-02-07 17:14 - 2013-04-08 13:51 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-02-07 17:14 - 2013-04-04 15:30 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-02-07 17:14 - 2013-03-15 14:05 - 00298456 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-02-07 17:14 - 2013-03-15 14:05 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-02-07 17:13 - 2013-04-08 21:20 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2014-02-07 17:13 - 2013-04-08 20:51 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-02-07 17:13 - 2013-04-08 20:50 - 00745984 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-02-07 17:13 - 2013-04-08 20:50 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2014-02-07 17:13 - 2013-04-08 20:50 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2014-02-07 17:13 - 2013-04-08 20:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-02-07 17:13 - 2013-04-08 20:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2014-02-07 17:13 - 2013-04-08 20:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2014-02-07 17:13 - 2013-04-08 20:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2014-02-07 17:13 - 2013-04-08 18:34 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2014-02-07 17:13 - 2013-04-08 18:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2014-02-07 17:13 - 2013-04-08 18:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2014-02-07 17:13 - 2013-04-08 13:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-02-07 17:13 - 2013-04-08 13:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-02-07 17:13 - 2013-04-08 13:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-02-07 17:13 - 2013-04-08 13:51 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-02-07 17:13 - 2013-04-08 13:51 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2014-02-07 17:13 - 2013-04-08 13:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2014-02-07 17:13 - 2013-04-08 13:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2014-02-07 17:13 - 2013-04-08 13:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2014-02-07 17:13 - 2013-01-09 17:40 - 00303848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-02-07 17:11 - 2013-05-03 23:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2014-02-07 17:11 - 2013-05-03 22:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-02-07 17:11 - 2013-05-03 22:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2014-02-07 17:11 - 2013-05-03 22:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-02-07 17:11 - 2013-05-03 22:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2014-02-07 17:11 - 2013-05-03 22:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-02-07 17:11 - 2013-05-03 22:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2014-02-07 17:11 - 2013-05-03 22:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2014-02-07 17:11 - 2013-05-03 22:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-02-07 17:11 - 2013-05-03 22:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-02-07 17:11 - 2013-05-03 22:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-02-07 17:11 - 2013-05-03 22:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-02-07 17:11 - 2013-05-03 22:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2014-02-07 17:11 - 2013-05-03 22:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2014-02-07 17:11 - 2013-05-03 22:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-02-07 17:11 - 2013-05-03 22:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2014-02-07 17:11 - 2013-05-03 22:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2014-02-07 17:11 - 2013-05-03 22:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2014-02-07 17:11 - 2013-05-03 20:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2014-02-07 17:11 - 2013-05-03 20:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-02-07 17:11 - 2013-05-03 20:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2014-02-07 17:11 - 2013-05-03 20:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2014-02-07 17:11 - 2013-05-03 20:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2014-02-07 17:11 - 2013-05-03 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2014-02-07 17:11 - 2013-05-03 20:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2014-02-07 17:11 - 2013-05-03 20:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-02-07 17:11 - 2013-05-03 20:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2014-02-07 17:11 - 2013-05-03 20:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2014-02-07 17:11 - 2013-05-03 20:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2014-02-07 17:11 - 2013-05-03 20:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2014-02-07 17:11 - 2013-05-03 20:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-02-07 17:11 - 2013-05-03 20:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2014-02-07 17:11 - 2013-03-01 18:45 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-02-07 17:11 - 2013-03-01 18:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2014-02-07 17:10 - 2013-05-30 15:24 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-02-07 17:10 - 2013-05-30 15:08 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-02-07 17:10 - 2013-05-14 18:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-02-07 17:10 - 2013-05-14 18:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-02-07 17:10 - 2013-05-14 18:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2014-02-07 17:10 - 2013-05-14 18:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-02-07 17:09 - 2013-03-02 02:57 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-02-07 17:09 - 2013-03-02 02:57 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2014-02-07 17:09 - 2013-03-02 02:39 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2014-02-07 17:09 - 2013-03-02 00:23 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-02-07 17:09 - 2013-03-02 00:23 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-02-07 17:09 - 2013-03-02 00:23 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2014-02-07 17:09 - 2013-03-02 00:23 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-02-07 17:09 - 2013-03-02 00:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2014-02-07 17:09 - 2013-03-02 00:22 - 05091840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-07 17:09 - 2013-03-02 00:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-02-07 17:09 - 2013-03-02 00:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2014-02-07 17:09 - 2013-03-02 00:21 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-02-07 17:09 - 2013-03-02 00:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-02-07 17:09 - 2013-03-01 18:45 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSDPrintProxy.DLL
2014-02-07 17:09 - 2013-03-01 18:44 - 05978624 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-07 17:09 - 2013-03-01 18:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2014-02-07 17:09 - 2013-03-01 18:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-02-07 17:09 - 2013-03-01 18:44 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2014-02-07 17:09 - 2013-03-01 18:44 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\NdisImPlatform.dll
2014-02-07 17:09 - 2013-03-01 18:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2014-02-07 17:09 - 2013-03-01 18:43 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-02-07 17:09 - 2013-03-01 18:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2014-02-07 17:09 - 2013-02-28 20:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2014-02-07 17:05 - 2013-07-01 14:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-02-07 17:05 - 2013-06-21 21:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-07 17:05 - 2013-06-21 21:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-02-07 17:04 - 2013-07-05 16:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-07 17:04 - 2013-07-03 18:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-02-07 17:04 - 2013-07-01 16:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-02-07 17:04 - 2013-05-23 15:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-02-07 17:04 - 2013-05-23 14:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-02-07 17:03 - 2014-02-07 20:38 - 00000000 ____D () C:\Geek Squad Backup
2014-02-07 17:03 - 2013-10-18 21:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-07 17:03 - 2013-10-18 20:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-02-07 17:03 - 2013-08-15 21:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-02-07 17:03 - 2013-08-15 21:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-02-07 17:03 - 2013-08-15 21:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-02-07 17:03 - 2013-07-01 14:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-02-07 17:03 - 2013-07-01 14:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-02-07 17:03 - 2013-06-28 19:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-02-07 17:03 - 2013-05-03 20:48 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-02-07 17:03 - 2013-04-23 15:13 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-02-07 17:03 - 2013-04-23 15:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-02-07 17:03 - 2013-04-23 14:56 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-02-07 17:03 - 2013-04-23 14:55 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-02-07 17:03 - 2013-03-02 01:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-02-07 17:02 - 2013-10-02 15:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-07 17:02 - 2013-10-01 15:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-02-07 17:02 - 2013-10-01 15:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-07 17:02 - 2013-10-01 14:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-07 17:02 - 2013-09-03 19:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-07 17:02 - 2013-08-15 21:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2014-02-07 17:02 - 2013-08-15 21:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-02-07 17:02 - 2013-08-15 21:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-02-07 17:02 - 2013-08-15 21:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-02-07 17:02 - 2013-08-15 21:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2014-02-07 17:02 - 2013-08-15 21:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-02-07 17:02 - 2013-08-15 21:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2014-02-07 17:02 - 2013-08-15 21:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-02-07 17:02 - 2013-08-15 21:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-02-07 17:02 - 2013-08-15 21:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-02-07 17:02 - 2013-08-15 14:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-02-07 17:02 - 2013-08-15 14:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2014-02-07 17:02 - 2013-08-15 14:43 - 00083968 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-02-07 17:02 - 2013-08-15 14:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-02-07 17:02 - 2013-08-15 14:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2014-02-07 17:02 - 2013-08-15 14:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2014-02-07 17:01 - 2013-10-10 03:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-02-07 17:01 - 2013-10-10 01:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-07 17:01 - 2013-10-10 01:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-02-07 17:01 - 2013-07-01 17:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-02-07 17:01 - 2013-07-01 17:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-02-07 17:01 - 2013-06-30 17:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-07 17:01 - 2013-06-30 17:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-07 17:01 - 2013-06-30 17:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-07 17:01 - 2013-06-30 17:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-07 17:01 - 2013-06-28 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-07 17:01 - 2013-06-28 19:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-07 17:01 - 2013-06-10 11:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-02-07 17:01 - 2013-06-10 11:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-07 17:01 - 2013-06-10 11:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-02-07 17:01 - 2013-06-10 11:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-07 17:00 - 2013-04-11 14:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-07 17:00 - 2013-04-11 14:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-07 16:53 - 2013-07-19 14:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-07 16:53 - 2013-07-19 14:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-02-07 16:53 - 2013-05-03 22:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-07 16:53 - 2013-05-03 20:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-02-07 16:49 - 2013-11-06 15:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-07 16:49 - 2013-08-06 21:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-02-07 16:49 - 2012-11-09 20:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-02-07 16:49 - 2012-11-09 20:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-02-07 16:49 - 2012-11-09 20:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2014-02-07 16:49 - 2012-11-09 20:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2014-02-07 16:49 - 2012-11-09 20:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2014-02-07 16:46 - 2013-07-12 22:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-02-07 16:46 - 2013-07-12 22:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-02-07 16:46 - 2013-07-12 22:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2014-02-07 16:46 - 2013-07-12 22:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2014-02-07 16:46 - 2013-07-12 20:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-02-07 16:46 - 2013-07-12 20:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2014-02-07 16:46 - 2013-07-12 20:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2014-02-07 16:46 - 2013-06-01 01:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-07 16:46 - 2013-06-01 01:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-07 16:46 - 2013-05-26 15:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-02-07 16:46 - 2013-05-26 14:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-07 16:46 - 2013-05-24 19:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-07 16:46 - 2013-05-24 18:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-02-07 16:45 - 2013-09-27 19:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-07 16:45 - 2013-04-26 21:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-02-07 16:44 - 2013-02-11 16:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-02-07 16:43 - 2014-02-07 16:43 - 00000000 ____D () C:\ProgramData\Geek Squad
2014-02-07 16:43 - 2013-10-10 01:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-07 16:43 - 2013-10-10 01:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-02-07 16:43 - 2013-10-10 01:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-07 16:43 - 2013-10-10 01:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-07 16:43 - 2013-10-10 01:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-07 16:43 - 2013-10-10 01:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-02-07 16:43 - 2013-10-10 01:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-07 16:43 - 2013-04-02 15:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-02-07 16:43 - 2013-04-02 15:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-02-07 16:43 - 2013-03-14 16:17 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-02-07 16:42 - 2014-02-07 16:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-02-07 16:41 - 2013-11-22 22:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-07 16:41 - 2013-11-22 21:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-07 16:41 - 2013-10-31 21:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-07 16:41 - 2013-10-31 19:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-07 16:41 - 2013-08-22 23:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-02-07 16:41 - 2013-08-22 17:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-02-07 16:41 - 2013-03-05 23:10 - 00112872 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-02-07 16:41 - 2013-03-05 22:29 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-02-07 16:41 - 2012-12-12 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-07 16:41 - 2012-12-12 19:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-02-07 16:40 - 2013-12-06 22:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-02-07 16:40 - 2013-12-06 22:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-07 16:40 - 2013-12-06 21:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-02-07 16:40 - 2013-12-06 21:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-07 16:40 - 2013-10-01 15:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-07 16:40 - 2013-10-01 15:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-07 16:40 - 2013-09-23 14:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-02-07 16:40 - 2013-09-23 14:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-02-07 16:40 - 2013-08-15 21:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-02-07 16:40 - 2013-08-15 14:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-02-07 16:40 - 2013-08-01 22:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-02-07 16:40 - 2013-08-01 21:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-07 16:40 - 2013-03-21 19:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-02-07 16:40 - 2013-03-21 14:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-02-07 16:40 - 2013-03-02 02:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-02-07 16:40 - 2013-03-02 00:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-02-07 16:40 - 2013-03-01 18:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-02-07 16:40 - 2013-03-01 18:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-02-07 16:40 - 2013-02-06 17:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-02-07 14:05 - 2014-02-26 23:56 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4057796617-2634750475-3372775748-1001
2014-02-07 14:05 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\ATI
2014-02-07 14:05 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Louise\AppData\Local\ATI
2014-02-07 14:00 - 2014-02-07 14:00 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\AcerRemote
2014-02-07 14:00 - 2014-02-07 14:00 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-02-07 14:00 - 2012-08-23 19:39 - 00000000 _____ () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-02-07 13:59 - 2014-02-11 19:42 - 00000000 ___RD () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-07 13:59 - 2014-02-11 19:42 - 00000000 ___RD () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-07 13:59 - 2014-02-07 13:59 - 00001967 _____ () C:\Users\Public\Desktop\Netflix.lnk
2014-02-07 13:59 - 2014-02-07 13:59 - 00001441 _____ () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Adobe
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\ProgramData\OEM_E471269A730D
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\Program Files\Accessory Store
2014-02-07 13:58 - 2014-02-17 18:05 - 00000000 ____D () C:\Users\Louise\AppData\Local\VirtualStore
2014-02-07 13:57 - 2014-02-08 20:09 - 00000000 ____D () C:\Users\Louise
2014-02-07 13:57 - 2014-02-07 13:59 - 00000000 ____D () C:\Users\Louise\AppData\Local\Packages
2014-02-07 13:57 - 2014-02-07 13:57 - 00000020 ___SH () C:\Users\Louise\ntuser.ini
2014-02-07 13:57 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-07 13:57 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-07 13:57 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-07 13:57 - 2012-07-26 00:13 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
2014-03-06 12:02 - 2014-02-17 17:58 - 00000374 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-4057796617-2634750475-3372775748-1001.job
2014-03-06 12:00 - 2014-03-06 12:00 - 00010567 _____ () C:\Users\Louise\Downloads\FRST.txt
2014-03-06 12:00 - 2014-03-06 11:59 - 00000000 ____D () C:\FRST
2014-03-06 12:00 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-06 11:57 - 2014-03-06 11:57 - 02156544 _____ (Farbar) C:\Users\Louise\Downloads\FRST64.exe
2014-03-06 11:53 - 2014-02-17 17:56 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-03-06 11:38 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-06 11:35 - 2014-02-17 17:57 - 00000000 ____D () C:\ProgramData\Updater
2014-03-06 11:35 - 2014-02-17 17:57 - 00000000 ____D () C:\ProgramData\RHelpers
2014-03-06 11:35 - 2014-02-17 17:57 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
2014-03-06 11:35 - 2014-02-10 00:00 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 11:35 - 2013-04-08 02:35 - 00045120 _____ () C:\Windows\PFRO.log
2014-03-06 11:35 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 11:34 - 2013-12-16 00:03 - 01185126 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 11:34 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-06 11:32 - 2014-03-06 11:32 - 00007661 _____ () C:\Users\Louise\AppData\Local\Resmon.ResmonCfg
2014-03-06 10:10 - 2013-12-16 00:10 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-03-06 01:11 - 2014-02-10 00:01 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 14:25 - 2014-03-05 14:25 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Malwarebytes
2014-03-05 14:24 - 2014-03-05 14:24 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-05 14:24 - 2014-03-05 14:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 14:24 - 2014-03-05 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 14:23 - 2014-03-05 14:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Louise\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-04 19:56 - 2014-02-15 19:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-04 16:18 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\Louise\Documents\TurboTax
2014-03-04 13:38 - 2014-02-25 16:48 - 00000313 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-03-04 13:32 - 2014-02-26 23:55 - 00002350 ____N () C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2014-03-04 13:32 - 2014-02-22 14:15 - 00001980 _____ () C:\WildTangent Games App - gateway.lnk
2014-03-03 00:29 - 2014-03-03 00:29 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Itibiti
2014-03-02 22:42 - 2014-03-02 22:42 - 00001332 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2014-03-02 22:42 - 2014-03-02 22:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Myths of the World - Spirit Wolf Collectors Edition
2014-03-02 22:42 - 2014-03-02 22:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Eipix
2014-03-02 22:42 - 2014-03-02 22:42 - 00000000 ____D () C:\Program Files (x86)\Myths of the World - Spirit Wolf Collectors Edition
2014-03-02 22:34 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-02 22:00 - 2014-02-18 11:41 - 00000000 ____D () C:\Users\Louise\AppData\Local\CrashDumps
2014-03-01 11:06 - 2012-07-25 23:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-01 11:01 - 2014-02-16 00:06 - 00289192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-28 21:57 - 2014-02-28 21:57 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-28 21:54 - 2014-02-10 13:40 - 00007135 _____ () C:\Windows\system32\lvcoinst.log
2014-02-28 21:54 - 2012-07-25 23:21 - 00024028 _____ () C:\Windows\setupact.log
2014-02-28 21:53 - 2014-02-28 21:53 - 00000000 ____D () C:\ProgramData\SearchDonkey
2014-02-28 00:17 - 2014-02-22 14:32 - 00000000 ____D () C:\BigFishCache
2014-02-27 21:27 - 2014-02-27 21:27 - 00000000 ____D () C:\ProgramData\Elephant Games
2014-02-27 21:27 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Elephant Games
2014-02-27 21:26 - 2014-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - The Legacy
2014-02-27 21:25 - 2014-02-27 21:25 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - The Legacy
2014-02-27 21:15 - 2014-02-27 21:15 - 00236648 _____ (Big Fish Games) C:\Users\Louise\Downloads\grim-tales-the-legacy_s1_l1_gF7003T1L1_d2262816596.exe
2014-02-27 18:52 - 2014-02-27 18:52 - 00017567 _____ () C:\Users\Louise\Documents\Kansas Counties - Alphabetical List.htm
2014-02-27 18:52 - 2014-02-27 18:52 - 00000000 ____D () C:\Users\Louise\Documents\Kansas Counties - Alphabetical List_files
2014-02-27 16:28 - 2014-02-27 16:20 - 00000000 ____D () C:\Users\Louise\Documents\18 WoS American Long Haul
2014-02-26 23:56 - 2014-02-07 14:05 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4057796617-2634750475-3372775748-1001
2014-02-26 23:51 - 2014-02-26 20:41 - 00000000 ___RD () C:\Users\Louise\Desktop\Games
2014-02-26 20:09 - 2014-02-26 20:09 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\GameCards
2014-02-25 21:55 - 2014-02-25 21:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-25 21:55 - 2014-02-25 21:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-25 21:53 - 2014-02-25 21:53 - 13079688 _____ (Microsoft Corporation) C:\Users\Louise\Downloads\Silverlight_x64.exe
2014-02-25 19:02 - 2014-02-25 19:02 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Alawar
2014-02-25 18:13 - 2014-02-25 18:12 - 00000000 ____D () C:\Program Files (x86)\Midnight Castle
2014-02-25 18:12 - 2014-02-25 18:12 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Midnight Castle
2014-02-25 16:57 - 2014-02-25 16:57 - 00000000 ____D () C:\Users\Louise\AppData\Local\IsolatedStorage
2014-02-25 16:48 - 2014-02-25 16:48 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Intuit
2014-02-25 16:45 - 2014-02-25 16:45 - 00002531 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
2014-02-25 16:44 - 2014-02-25 16:41 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-25 16:41 - 2014-02-25 16:41 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-02-25 16:40 - 2014-02-25 16:40 - 94408040 _____ () C:\Users\Louise\Desktop\wturbotax1040habamz20130900101.exe
2014-02-24 17:40 - 2014-02-24 17:40 - 514724831 _____ () C:\Windows\MEMORY.DMP
2014-02-24 17:40 - 2014-02-24 17:40 - 00279784 _____ () C:\Windows\Minidump\022414-18049-01.dmp
2014-02-24 17:40 - 2014-02-24 17:40 - 00000000 ____D () C:\Windows\Minidump
2014-02-22 23:42 - 2014-02-22 23:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\ERS Game Studios
2014-02-22 14:59 - 2014-02-22 14:59 - 00002145 _____ () C:\Users\Public\Desktop\Play Found - A Hidden Object Adventure.lnk
2014-02-22 14:59 - 2014-02-22 14:58 - 00000000 ____D () C:\Program Files (x86)\Found - A Hidden Object Adventure
2014-02-22 14:59 - 2014-02-22 14:33 - 00000000 ____D () C:\ProgramData\Big Fish
2014-02-22 14:58 - 2014-02-22 14:58 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Found - A Hidden Object Adventure
2014-02-22 14:57 - 2014-02-22 14:57 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Behind the Reflection
2014-02-22 14:57 - 2014-02-22 14:57 - 00000000 ____D () C:\Program Files (x86)\Behind the Reflection
2014-02-22 14:57 - 2014-02-22 14:52 - 00000000 ____D () C:\Program Files (x86)\Maestro - Music of Death Collector's Edition
2014-02-22 14:52 - 2014-02-22 14:52 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maestro - Music of Death Collector's Edition
2014-02-22 14:37 - 2014-02-22 14:37 - 00000970 _____ () C:\Users\Public\Desktop\Games.lnk
2014-02-22 14:36 - 2014-02-22 14:33 - 00000000 ____D () C:\Users\Louise\AppData\Local\Big Fish
2014-02-22 14:36 - 2014-02-22 14:33 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2014-02-19 17:04 - 2014-02-17 17:58 - 00003268 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-4057796617-2634750475-3372775748-1001
2014-02-19 11:26 - 2014-02-19 11:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-19 11:24 - 2014-02-19 11:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-02-18 16:23 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Louise\Documents\My Games
2014-02-18 16:23 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Louise\AppData\Local\My Games
2014-02-18 16:22 - 2014-02-15 19:57 - 00062700 _____ () C:\Windows\DirectX.log
2014-02-18 15:41 - 2014-02-15 19:32 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-17 18:43 - 2014-02-17 18:43 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\SpinTop Games
2014-02-17 18:07 - 2014-02-17 18:07 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Compete
2014-02-17 18:05 - 2014-02-07 13:58 - 00000000 ____D () C:\Users\Louise\AppData\Local\VirtualStore
2014-02-17 17:58 - 2014-02-17 17:58 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-02-17 17:58 - 2014-02-17 17:58 - 00000000 ____D () C:\ProgramData\W3i
2014-02-17 17:58 - 2014-02-17 17:58 - 00000000 ____D () C:\Program Files (x86)\W3i
2014-02-17 17:57 - 2014-02-17 17:57 - 00001081 _____ () C:\Users\Public\Desktop\KNCTR.lnk
2014-02-17 17:57 - 2014-02-17 17:57 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2014-02-17 17:57 - 2014-02-17 17:57 - 00000000 ____D () C:\Program Files (x86)\mPlayer
2014-02-17 17:57 - 2014-02-17 17:57 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-02-17 14:03 - 2014-02-08 20:01 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 14:03 - 2014-02-08 20:01 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 01:03 - 2014-02-17 01:03 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-17 01:03 - 2014-02-17 01:03 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-17 01:02 - 2014-02-17 01:02 - 00000000 ____D () C:\Users\Louise\AppData\Local\WarThunder
2014-02-17 01:02 - 2014-02-17 01:02 - 00000000 ____D () C:\ProgramData\WarThunder
2014-02-17 00:36 - 2014-02-17 00:36 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\T1 Games
2014-02-17 00:36 - 2014-02-17 00:36 - 00000000 ____D () C:\ProgramData\T1 Games
2014-02-16 17:58 - 2014-02-16 17:58 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\NevoSoft Games
2014-02-16 17:06 - 2014-02-10 00:01 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 17:06 - 2014-02-10 00:00 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 11:58 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\rescache
2014-02-16 00:07 - 2014-02-08 09:16 - 00047104 ___SH () C:\Users\Louise\Desktop\Thumbs.db
2014-02-15 23:42 - 2014-02-15 23:32 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Tropico 4 Demo
2014-02-15 19:06 - 2014-02-15 19:06 - 00000974 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-15 18:36 - 2014-02-08 03:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 18:33 - 2014-02-08 03:08 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:07 - 2014-02-12 17:07 - 00017122 _____ () C:\Users\Louise\Downloads\SecureMessageAtt (1).html
2014-02-12 12:36 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\system32\restore
2014-02-11 19:42 - 2014-02-07 13:59 - 00000000 ___RD () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-11 19:42 - 2014-02-07 13:59 - 00000000 ___RD () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-11 19:38 - 2012-07-26 00:12 - 00000000 ___RD () C:\Windows\ToastData
2014-02-11 19:38 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-02-11 19:38 - 2012-07-25 21:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-02-10 13:40 - 2014-02-10 13:40 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-02-10 00:01 - 2014-02-10 00:01 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-10 00:01 - 2014-02-10 00:00 - 00000000 ____D () C:\Users\Louise\AppData\Local\Google
2014-02-10 00:01 - 2014-02-10 00:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-10 00:00 - 2014-02-10 00:00 - 00000000 ____D () C:\Users\Louise\AppData\Local\Deployment
2014-02-10 00:00 - 2014-02-10 00:00 - 00000000 ____D () C:\Users\Louise\AppData\Local\Apps\2.0
2014-02-09 19:51 - 2014-02-09 19:51 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\MoonriseInteractive
2014-02-09 19:49 - 2013-04-08 04:14 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-09 19:48 - 2013-04-08 04:14 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-02-09 19:44 - 2014-02-09 17:58 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\WildTangent
2014-02-09 18:39 - 2014-02-09 18:39 - 00014853 _____ () C:\Users\Louise\Downloads\SecureMessageAtt.html
2014-02-09 18:25 - 2014-02-09 18:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-02-09 17:59 - 2014-02-09 17:59 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-02-08 21:51 - 2014-02-08 21:51 - 00000000 ____D () C:\BigFishGamesCache
2014-02-08 20:09 - 2014-02-07 13:57 - 00000000 ____D () C:\Users\Louise
2014-02-08 20:05 - 2014-02-08 20:05 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Macromedia
2014-02-08 20:04 - 2013-12-16 00:27 - 00000000 ____D () C:\ProgramData\OEM
2014-02-08 20:01 - 2012-07-25 21:37 - 00000000 ____D () C:\Windows\servicing
2014-02-08 19:56 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-08 19:56 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-08 19:56 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\WinStore
2014-02-08 19:56 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-08 19:56 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-08 19:56 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-08 19:56 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-02-08 19:55 - 2012-07-25 23:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-08 19:54 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-08 19:54 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-08 19:54 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-02-08 19:54 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-02-08 19:54 - 2012-07-25 21:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-02-08 19:54 - 2012-07-25 21:38 - 00000000 ____D () C:\Windows\system32\Dism
2014-02-08 19:51 - 2012-07-26 00:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-02-08 09:42 - 2014-02-08 09:42 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-08 09:16 - 2014-02-08 09:16 - 00000775 _____ () C:\Users\Louise\Desktop\Geek Squad Backup - Shortcut.lnk
2014-02-08 04:12 - 2014-02-08 04:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-08 04:11 - 2013-04-08 04:19 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-02-08 04:11 - 2013-04-08 04:19 - 00002508 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-02-08 04:11 - 2013-04-08 04:19 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-02-07 23:08 - 2013-04-08 04:19 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-02-07 23:08 - 2013-04-08 04:19 - 00007631 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-02-07 20:40 - 2014-02-07 20:40 - 00003320 _____ () C:\{20823002-4DA7-42BB-8094-2FCF7D1C7956}
2014-02-07 20:38 - 2014-02-07 17:03 - 00000000 ____D () C:\Geek Squad Backup
2014-02-07 16:43 - 2014-02-07 16:43 - 00000000 ____D () C:\ProgramData\Geek Squad
2014-02-07 16:42 - 2014-02-07 16:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-02-07 14:05 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\ATI
2014-02-07 14:05 - 2014-02-07 14:05 - 00000000 ____D () C:\Users\Louise\AppData\Local\ATI
2014-02-07 14:00 - 2014-02-07 14:00 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\AcerRemote
2014-02-07 14:00 - 2014-02-07 14:00 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-02-07 14:00 - 2013-04-08 03:29 - 00000000 ___HD () C:\OEM
2014-02-07 13:59 - 2014-02-07 13:59 - 00001967 _____ () C:\Users\Public\Desktop\Netflix.lnk
2014-02-07 13:59 - 2014-02-07 13:59 - 00001441 _____ () C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\Users\Louise\AppData\Roaming\Adobe
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\ProgramData\OEM_YAHOO
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\ProgramData\OEM_E471269A730D
2014-02-07 13:59 - 2014-02-07 13:59 - 00000000 ____D () C:\Program Files\Accessory Store
2014-02-07 13:59 - 2014-02-07 13:57 - 00000000 ____D () C:\Users\Louise\AppData\Local\Packages
2014-02-07 13:59 - 2013-04-08 04:19 - 00000000 ____D () C:\ProgramData\Norton
2014-02-07 13:57 - 2014-02-07 13:57 - 00000020 ___SH () C:\Users\Louise\ntuser.ini
2014-02-07 13:57 - 2012-07-26 00:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
 
Some content of TEMP:
====================
C:\Users\Louise\AppData\Local\Temp\SCC.dll
C:\Users\Louise\AppData\Local\Temp\SymCCIS.dll
C:\Users\Louise\AppData\Local\Temp\{9C7496A6-B331-498e-B0E8-1FB0947ED823}-ConsumerInputUpdate.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-17 17:25
 
==================== End Of Log ============================
Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

copy and paste the report in next reply

 

Let me see those logs, also give an update on any remaining issues or concerns..

 

Kevin

 

 

 

 

fixlist.txt

Link to post
Share on other sites

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014

Ran by Louise at 2014-03-06 17:50:11 Run:1
Running from C:\Users\Louise\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Louise\AppData\Local\Temp\SCC.dll
C:\Users\Louise\AppData\Local\Temp\SymCCIS.dll
C:\Users\Louise\AppData\Local\Temp\{9C7496A6-B331-498e-B0E8-1FB0947ED823}-ConsumerInputUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:1858B534
AlternateDataStreams: C:\ProgramData\Temp:19F8EB29
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3
AlternateDataStreams: C:\ProgramData\Temp:852F2262
AlternateDataStreams: C:\ProgramData\Temp:BE6B5FC3
AlternateDataStreams: C:\ProgramData\Temp:F74EC668
End
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Louise\AppData\Local\Temp\SCC.dll => Moved successfully.
C:\Users\Louise\AppData\Local\Temp\SymCCIS.dll => Moved successfully.
C:\Users\Louise\AppData\Local\Temp\{9C7496A6-B331-498e-B0E8-1FB0947ED823}-ConsumerInputUpdate.exe => Moved successfully.
C:\ProgramData\Temp => ":1858B534" ADS removed successfully.
C:\ProgramData\Temp => ":19F8EB29" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":363E775E" ADS removed successfully.
C:\ProgramData\Temp => ":4B6A9FDA" ADS removed successfully.
C:\ProgramData\Temp => ":7687A3E3" ADS removed successfully.
C:\ProgramData\Temp => ":852F2262" ADS removed successfully.
C:\ProgramData\Temp => ":BE6B5FC3" ADS removed successfully.
C:\ProgramData\Temp => ":F74EC668" ADS removed successfully.
 
==== End of Fixlog ====

 

Here is the log from Adwcleaner (I'm not really sure what any of that is, or what needs to be checked/unchecked..) :

 

# AdwCleaner v3.020 - Report created 06/03/2014 at 17:53:24

# Updated 27/02/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Louise - OWNER
# Running from : C:\Users\Louise\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Program Files (x86)\w3i
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\RHelpers
Folder Found C:\ProgramData\w3i
Folder Found C:\Windows\SysWOW64\AI_RecycleBin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKCU\Software\Compete
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16798
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : search_url
Found : suggest_url
 
*************************
 
AdwCleaner[R0].txt - [2511 octets] - [06/03/2014 17:53:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2571 octets] ##########
 
I'll finish the rest of it after I know what needs to be removed.
Link to post
Share on other sites

I apologize for being so cautious about this. I'm always sketched out when it comes to messing with computer files. I've gone through 2 desktops and a few laptops over the last few years.

 

Anyways, here is the log from AdwCleaner:

 

# AdwCleaner v3.020 - Report created 07/03/2014 at 08:15:44

# Updated 27/02/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Louise - OWNER
# Running from : C:\Users\Louise\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\Program Files (x86)\w3i
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\CompeteInc
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16798
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : search_url
Deleted : suggest_url
 
*************************
 
AdwCleaner[R0].txt - [2663 octets] - [06/03/2014 17:53:24]
AdwCleaner[s0].txt - [2599 octets] - [07/03/2014 08:15:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2659 octets] ##########
 
I'm starting Junkware Removal Tool. Will post the log when it's finished.
Link to post
Share on other sites

Junkware Removal Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Louise on Fri 03/07/2014 at  8:40:19.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\big fish"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at  8:50:59.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Here is the Log from ESET:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\w3i\UninstallHelper\UninstallHelper.exe.vir a variant of Win32/InstallIQ.A potentially unwanted application
C:\Geek Squad Backup\Backup\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4YRQ51A1\shadowcraft-2[1].htm HTML/ScrInject.B.Gen virus
C:\Geek Squad Backup\Program Files (x86)\DownVision\update.exe MSIL/DownVision.A potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe probably a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39impipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe probably a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\ProgramData\Updater\Uninstall.exe multiple threats
C:\Users\All Users\Updater\Uninstall.exe multiple threats
 
 
My CPU usage has been looking good so far. WMI Provider Host was using 1-2% yesterday, and it's not running in Processes on Task Manager at the moment. I haven't seen DCA Monitoring Tool running since yesterday. It's currently running at around 35% with 11 tabs open on Chrome.
 
The only problem I can think of is video-related. I could watch videos on YouTube (full screen + 1080p) a couple of weeks ago. Then one day, my computer started having problems with it. The audio isn't usually too bad, but the video will skip and freeze. Do you know of anything that would cause that to start happening? 
 
Also, my monitor will start to bug out after being on for a few hours. The open program looks fine, but I can see what looks like copies of it jumping around in the background (if that makes sense). 
Link to post
Share on other sites

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Filesipconfig /flushdns /cC:\Geek Squad Backup\Backup\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4YRQ51A1\shadowcraft-2[1].htmC:\Geek Squad Backup\Program Files (x86)\DownVisionC:\Geek Squad Backup\Program Files (x86)\iMesh ApplicationsC:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39C:\Geek Squad Backup\Program Files (x86)\Searchqu ToolbarC:\ProgramData\UpdaterC:\Users\All Users\Updater:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Next,

 

Download Security Check by screen317 from either of the following:

 

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

It made me restart my computer. I have windows 8. At the startup menu, I tried opening Google Chrome. It wouldn't work, so I opened Explorer. After it loaded up the Desktop, there was 6 or 7 of those "Do you want to allow ... to make changes to this computer?" that popped up for GoogleUpdater. I think I hit Yes on one of them. Is that okay? And Norton keeps showing up saying "widevinecdmadapter.dll is safe." What is that about?

 

Here is the Log for OTM:

 

All processes killed

========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Louise\Downloads\cmd.bat deleted successfully.
C:\Users\Louise\Downloads\cmd.txt deleted successfully.
C:\Geek Squad Backup\Backup\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4YRQ51A1\shadowcraft-2[1].htm moved successfully.
C:\Geek Squad Backup\Program Files (x86)\DownVision folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\components folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ChromeExtension\lib folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ChromeExtension\config\skin folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ChromeExtension\config folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ChromeExtension folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar\Datamngr folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\MediaBar folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\Images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\videosview\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\videosview folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\cdripview folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\artistsview folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html\albumsview folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins\html folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\Skins folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\HTML\Images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh\HTML folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications\iMesh folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\iMesh Applications folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar\Settings folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar\Message folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar\IE9Mesg folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar\gen1 folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar\1.bin\chrome folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar\1.bin folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39\bar folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\MapsGalaxy_39 folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar\Datamngr folder moved successfully.
C:\Geek Squad Backup\Program Files (x86)\Searchqu Toolbar folder moved successfully.
C:\ProgramData\Updater folder moved successfully.
File/Folder C:\Users\All Users\Updater not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
Screen317 Checkup Log:
 
 Results of screen317's Security Check version 0.99.80  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

 

Norton keeps showing up saying "widevinecdmadapter.dll is safe

 

Read this link for the above: http://community.norton.com/t5/Tech-Outpost/Chrome-s-WidevineCDMadapter-dll-downloads-to-my-c-drive/td-p/1103151 

 

Re-install Chrome and see how it responds...

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Let me know how your system is responding, also what issues or concerns remain....

 

Kevin

Link to post
Share on other sites

The only programs left on my system that I'm not sure about are 'KNCTR' and 'mPlayer version 1.0'

 

I was trying to load up a movie on Netflix, and it said that I couldn't play the video without downloading mPlayer. It played fine after I downloaded it, but I don't recall being asked to use it on previous computers. 

 

Also, I'm not sure where KNCTR came from. The Overall Sentiment on ShouldIRemoveIt is Bad with 59% uninstalls, so it should be fine to remove, right? I've never used it, as far as I know.

 

The only other issue that I have come across is that the WinSxS folder is using a lot of disk space (14.4 GB). I've read that the folder keeps building up as the computer ages, but 14 GB seems rather high. Do you think that there could be files/folders that were transferred with the GeekSquadBackup that this computer doesn't need?

 

Here is the log from MalwareBytes, after a near 25 hour scan:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.06.07
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Louise :: OWNER [administrator]
 
3/8/2014 8:05:42 PM
mbam-log-2014-03-08 (20-05-42).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Heuristics/Extra | P2P
Objects scanned: 810361
Time elapsed: 1 day(s), 49 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

 

 
My PC has been running great so far. The CPU has been running at low percentages (only maxed out when I had MBAM, multiple Google Chrome tabs, and Youtube running). Programs are starting quicker/running better. Thank you for all of the help you're providing. I appreciate the clear instructions, too. They have been very easy to follow.
Link to post
Share on other sites

I`d say yes to the removal of the programs you mention.... If there are any issues with the uninstall via the normal route use the following:

 

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

 

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

 

Run the tool, the main GUI will populate with installed programs list,

 

Left click on Program name to highlight that entry.

 

Select Action from the Menu bar, then Uninstall from there follow the prompts.

 

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

 

Next,

 

Regarding the WinSXS folder, yep you can prune that folder and keep it in check, go to the following link for help/advice...

 

http://www.thewindowsclub.com/winsxs-folder-cleanup-windows-8-1

 

Next,

 

If no remaining issues I guess we can clean up tools etc.......

 

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

Let me know if all tools are gone, also if any remaining issues or concerns....

 

Also read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin..... ;)

fixlist.txt

Link to post
Share on other sites

Purge means to remove. All old System Restore points are removed from your system and a new Restore Point is created. There is a strong possibility old points were infected, hence that action.

 

Reset System Settings, just means to reset any basic settings that may have been changed from Default either by malware/infection, or intentionally by malware/infection removal tools

 

Any remaining issues or concerns, can we close out?

Link to post
Share on other sites

I don't know if you need the log from Delfix, but here it is:

 

# DelFix v10.6 - Logfile created 11/03/2014 at 13:02:20
# Updated 11/11/2013 by Xplode
# Username : Louise - OWNER
# Operating System : Windows 8  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTM
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Louise\Desktop\AdwCleaner - Shortcut.lnk
Deleted : C:\Users\Louise\Desktop\JRT - Shortcut.lnk
Deleted : C:\Users\Louise\Desktop\JRT.txt
Deleted : C:\Users\Louise\Downloads\AdwCleaner.exe
Deleted : C:\Users\Louise\Downloads\JRT.exe
Deleted : C:\Users\Louise\Downloads\OTM.exe
Deleted : C:\Users\Louise\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #6 [Windows Update | 02/23/2014 20:10:32]
Deleted : RP #7 [installed TurboTax 2013 wrapper | 02/26/2014 00:43:18]
Deleted : RP #8 [Windows Update | 03/01/2014 11:27:46]
Deleted : RP #9 [installed TurboTax 2013 wmoiper | 03/04/2014 21:39:57]
Deleted : RP #10 [before MalwareBytes Cleaning | 03/06/2014 07:25:18]
Deleted : RP #11 [Windows Update | 03/09/2014 16:17:35]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
Did it delete system restore points created by Turbo Tax, or did it delete part of the program itself? I've already filed taxes, so I'm not too worried about it either way. Also, there's a file in my downloads named "FRST -Olderversion" that has FRST in it. That can be deleted, correct?
 
Other than that, everything seems great. The computer has been running like it did when I first bought it, if not better. 
Link to post
Share on other sites

The folder containing old versions of FRST is inert and can be safely deleted...

 

Delfix clears all Restore Points and creates a fresh clean restore point, there would be a strong possibility old points were infected. The old points do not hold any reference to data created by Turbo Tax, they are registry backups related to system specific files...

 

If no remaining issues or concerns are we ok to close out...

 

Kevin.

Link to post
Share on other sites

Okay, well, I think everything has taken care of. Computer seems to be running strong. Thank you for your help. I really appreciate it.

 

I'll be sure to hit that donate button if I get enough back on taxes. You deserve it. 

 

 

Have a good one,

 

-Chris

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.