Windows 8.1 probable malware


  • This topic is locked
7 replies to this topic

#1 Proxima

Posted 18 July 2015 - 01:55 PM

Hi guys,

 

I've been using my Windows 8.1 machine as usual and noticed a few nasty things floating around.

Had ad popups that stay around after exiting browsers, weird files appearing on C:\ and some unsavory logins to some of my online accounts.

I'm suspecting something has got onto my PC and is logging something and affecting other systems.

I've run the usual Malwarebytes virus scan and had issues with it crashing before the scan completed, so that being blocked is also suspected.

My logs from Farbar are below and my addition.txt is attached:
 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Proxima (administrator) on PROXIMAALPHA on 18-07-2015 19:45:24
Running from C:\Users\Proxima\Desktop
Loaded Profiles: Proxima (Available Profiles: Proxima)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164080 2015-06-27] (IvoSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Standard Mouse Driver] => C:\Program Files (x86)\Standard Mouse Driver\Monitor.exe [147456 2013-01-17] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Windows\skipmetrosuite.exe,
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1345023895-3421161898-3976837730-1001\...\Run: [DisplayFusion] => D:\Programs\DisplayFusion\DisplayFusion.exe [8167448 2015-07-17] (Binary Fortress Software)
HKU\S-1-5-21-1345023895-3421161898-3976837730-1001\...\Run: [GoogleChromeAutoLaunch_D90A28B7F10EA95D686179F280CD1D62] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-07-16]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2015-07-17]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Developers)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1345023895-3421161898-3976837730-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1345023895-3421161898-3976837730-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programs\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programs\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{18115E50-CC25-4384-92B8-36F6AF22D9AB}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D23D6E41-8474-4D1B-B3E4-7EA0DFC71DC8}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default
FF Homepage: google.co.uk
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programs\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\tiletabs@DW-dev.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\s3download@statusbar.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\omnibar@ajitk.com.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [not found]
FF Extension: No Name - C:\Program Files\Waterfox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-07-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicjkkmjijnlncpkailhjcdfkechjbpl [2015-07-17]
CHR Extension: (Google Docs) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Google Drive) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-17]
CHR Extension: (Ghost Pokémon) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkgalfoibaipchlgkjnidihenihkklb [2015-07-17]
CHR Extension: (YouTube) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-17]
CHR Extension: (Adblock Plus) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-17]
CHR Extension: (Pushbullet) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-07-17]
CHR Extension: (Google Search) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-17]
CHR Extension: (Black Menu for Google™) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2015-07-17]
CHR Extension: (Google Calendar) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-17]
CHR Extension: (Flix Plus by Lifehacker) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2015-07-17]
CHR Extension: (Diaro - diary, journal, notes) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjgfeglefnmoiacciljhjkknbofpcdp [2015-07-17]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-17]
CHR Extension: (Eye Dropper) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2015-07-17]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-07-17]
CHR Extension: (The Great Suspender) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-07-17]
CHR Extension: (Evernote Web) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-07-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-17]
CHR Extension: (Chrono Download Manager) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-07-17]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-07-17]
CHR Extension: (Drive) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2015-07-17]
CHR Extension: (Google Wallet) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-17]
CHR Extension: (Gmail) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
S2 DisplayFusionService; D:\Programs\DisplayFusion\DisplayFusionService.exe [4513832 2015-07-17] (Binary Fortress Software)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-17] (NVIDIA Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-07-16] (IObit)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-17] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\PC\Origin\OriginClientService.exe [2004488 2015-07-17] (Electronic Arts)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
S2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-06-17] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-18] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 19:45 - 2015-07-18 19:45 - 02134528 _____ (Farbar) C:\Users\Proxima\Desktop\FRST64.exe
2015-07-18 19:45 - 2015-07-18 19:45 - 00016814 _____ C:\Users\Proxima\Desktop\FRST.txt
2015-07-18 19:45 - 2015-07-18 19:45 - 00000000 ____D C:\FRST
2015-07-18 19:30 - 2015-07-18 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-18 19:30 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-18 19:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-18 19:17 - 2015-07-18 19:23 - 00000000 ____D C:\AdwCleaner
2015-07-18 19:02 - 2015-07-18 19:30 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-18 19:02 - 2015-07-18 19:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-18 19:02 - 2015-07-18 19:02 - 00000000 ____D C:\Users\Proxima\AppData\Local\CrashDumps
2015-07-18 19:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-18 18:56 - 2015-07-18 19:38 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-18 18:56 - 2015-07-18 19:02 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-18 17:59 - 2015-07-18 18:02 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\FileZilla
2015-07-17 23:29 - 2015-07-17 23:29 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\JAM Software
2015-07-17 23:20 - 2015-07-17 23:20 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\vlc
2015-07-17 23:15 - 2015-07-17 23:16 - 00003108 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1345023895-3421161898-3976837730-1001
2015-07-17 23:15 - 2015-07-17 23:16 - 00000000 ___RD C:\Users\Proxima\OneDrive
2015-07-17 23:15 - 2015-07-17 23:15 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-07-17 23:13 - 2015-07-18 19:24 - 00004972 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PROXIMAALPHA-Proxima ProximaAlpha
2015-07-17 23:12 - 2015-07-17 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-17 23:11 - 2015-07-17 23:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-17 23:11 - 2015-07-17 23:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-17 23:10 - 2015-07-17 23:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-17 23:10 - 2015-07-17 23:10 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-17 23:09 - 2015-07-17 23:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 23:09 - 2015-07-17 23:09 - 00000000 ____D C:\Users\Proxima\AppData\Local\Microsoft Help
2015-07-17 23:09 - 2015-07-17 23:09 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-07-17 23:09 - 2015-07-17 23:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-07-17 23:09 - 2015-07-17 23:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-07-17 22:55 - 2015-07-18 19:24 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 22:55 - 2015-07-18 19:00 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 22:55 - 2015-07-17 22:55 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 22:55 - 2015-07-17 22:55 - 00003662 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-17 22:55 - 2015-07-17 22:55 - 00000000 ____D C:\Users\Proxima\AppData\Local\Google
2015-07-17 22:55 - 2015-07-17 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-17 22:55 - 2015-07-17 22:55 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-17 22:40 - 2015-07-18 19:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-17 20:54 - 2015-07-17 21:04 - 00000000 ____D C:\Users\Proxima\AppData\Local\paint.net
2015-07-17 20:54 - 2015-07-17 20:54 - 00000951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-07-17 20:46 - 2015-07-17 20:47 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\TS3Client
2015-07-17 20:46 - 2015-07-17 20:46 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-07-17 20:46 - 2015-07-17 20:46 - 00000000 ____D C:\Users\Proxima\AppData\Local\TeamSpeak 3 Client
2015-07-17 20:39 - 2015-07-13 22:10 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-17 20:39 - 2015-07-13 22:10 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-17 20:24 - 2015-07-17 20:26 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 20:24 - 2015-07-03 08:43 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-17 20:03 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-17 20:03 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-17 20:03 - 2014-04-19 12:15 - 21186352 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-17 20:03 - 2014-04-19 07:49 - 18644072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-17 20:03 - 2014-03-10 11:35 - 02008408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-07-17 20:03 - 2014-03-10 11:35 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-07-17 20:03 - 2014-03-06 10:19 - 01287576 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-17 20:03 - 2014-03-06 10:02 - 01109424 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-17 20:03 - 2014-03-06 07:17 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-17 20:03 - 2014-03-06 07:10 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-17 20:03 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-17 20:03 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-07-17 20:03 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-07-17 20:03 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-07-17 20:03 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-07-17 20:03 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-07-17 20:03 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-07-17 20:03 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2015-07-17 20:03 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-07-17 20:03 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-07-17 20:03 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2015-07-17 20:03 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-07-17 20:03 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2015-07-17 20:03 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-07-17 20:03 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-07-17 20:03 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2015-07-17 20:03 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2015-07-17 20:03 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-07-17 20:03 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-17 20:03 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2015-07-17 20:03 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-07-17 20:03 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-17 20:03 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2015-07-17 20:03 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-17 20:03 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-17 20:03 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-07-17 20:03 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-07-17 20:03 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-17 20:03 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-17 20:03 - 2014-01-27 12:45 - 00386722 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-17 20:03 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-07-17 20:03 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2015-07-17 20:03 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-07-17 20:03 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2015-07-17 20:02 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-07-17 20:02 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-07-17 20:02 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-07-17 20:02 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2015-07-17 20:02 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2015-07-17 20:02 - 2014-01-04 16:54 - 00138240 _____ C:\Windows\system32\OEMLicense.dll
2015-07-17 20:02 - 2014-01-04 16:08 - 00103936 _____ C:\Windows\SysWOW64\OEMLicense.dll
2015-07-17 20:02 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2015-07-17 20:02 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2015-07-17 20:02 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-07-17 20:02 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-07-17 20:02 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-17 20:02 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2015-07-17 20:02 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-17 20:02 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2015-07-17 20:02 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-07-17 20:02 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-07-17 20:02 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-07-17 20:02 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2015-07-17 20:02 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2015-07-17 20:02 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2015-07-17 20:02 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2015-07-17 20:02 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2015-07-17 20:02 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2015-07-17 20:02 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2015-07-17 20:02 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2015-07-17 20:02 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2015-07-17 20:02 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2015-07-17 20:02 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2015-07-17 20:02 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2015-07-17 20:02 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2015-07-17 20:02 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-07-17 20:02 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-07-17 20:02 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2015-07-17 20:02 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-07-17 20:02 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-07-17 20:02 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2015-07-17 20:02 - 2013-12-13 08:24 - 00121088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-07-17 20:02 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2015-07-17 20:02 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2015-07-17 20:02 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2015-07-17 20:02 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2015-07-17 20:02 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2015-07-17 20:02 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2015-07-17 20:02 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-07-17 20:02 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-07-17 20:02 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-07-17 20:02 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-07-17 20:02 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2015-07-17 20:02 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-07-17 20:02 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-07-17 20:02 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-07-17 20:02 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-07-17 20:02 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-07-17 20:02 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2015-07-17 20:02 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-07-17 20:02 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2015-07-17 20:02 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 20:02 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-17 20:02 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-07-17 20:02 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-17 20:02 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-17 20:02 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2015-07-17 20:02 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-07-17 20:02 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-07-17 20:02 - 2013-11-25 02:45 - 00142680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-07-17 20:02 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-07-17 20:02 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-07-17 20:02 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-07-17 20:02 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2015-07-17 20:02 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2015-07-17 20:02 - 2013-11-23 08:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2015-07-17 20:02 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-17 20:02 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-17 20:02 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-17 20:02 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-07-17 20:02 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-17 20:02 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-17 20:02 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2015-07-17 20:02 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-17 20:02 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2015-07-17 20:02 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-07-17 20:02 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-07-17 20:02 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-17 20:02 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-17 20:02 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-07-17 20:02 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-07-17 20:02 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-07-17 20:02 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-07-17 20:01 - 2013-11-11 03:48 - 00039768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-07-17 20:01 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2015-07-17 20:01 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2015-07-17 20:01 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2015-07-17 20:01 - 2013-11-08 06:23 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2015-07-17 20:01 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2015-07-17 20:01 - 2013-11-08 05:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2015-07-17 20:01 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2015-07-17 20:01 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2015-07-17 20:01 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-07-17 20:01 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-07-17 20:01 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2015-07-17 20:01 - 2013-11-05 14:17 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-07-17 20:01 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2015-07-17 20:01 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-17 20:01 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-07-17 20:01 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2015-07-17 20:01 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-07-17 20:01 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-07-17 20:01 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2015-07-17 20:01 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2015-07-17 20:01 - 2013-10-31 01:58 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2015-07-17 20:01 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-17 20:01 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-07-17 20:01 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-07-17 20:01 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys
2015-07-17 20:01 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2015-07-17 20:01 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2015-07-17 20:01 - 2013-10-23 12:29 - 00044936 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2015-07-17 20:01 - 2013-10-23 12:21 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-07-17 20:01 - 2013-10-23 12:13 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_8086.dll
2015-07-17 20:01 - 2013-10-22 09:18 - 00096088 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2015-07-17 20:01 - 2013-10-22 08:55 - 02328872 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-07-17 20:01 - 2013-10-22 07:03 - 02065448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-07-17 20:01 - 2013-10-22 06:15 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-17 20:01 - 2013-10-22 05:04 - 00618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-17 20:01 - 2013-10-22 04:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2015-07-17 20:01 - 2013-10-22 04:44 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2015-07-17 20:01 - 2013-10-22 03:38 - 01362944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-07-17 20:01 - 2013-10-22 03:22 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-17 20:01 - 2013-10-22 03:13 - 01704448 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-17 20:01 - 2013-10-22 02:53 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2015-07-17 20:01 - 2013-10-19 05:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-07-17 20:01 - 2013-10-19 05:03 - 00531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-07-17 20:01 - 2013-10-19 04:26 - 01231360 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-07-17 20:01 - 2013-10-19 04:14 - 00888832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-07-17 20:01 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-17 20:01 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-17 20:01 - 2013-10-16 10:34 - 00518656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2015-07-17 20:01 - 2013-10-16 10:33 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2015-07-17 20:01 - 2013-10-13 04:06 - 00258904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2015-07-17 20:01 - 2013-10-13 03:43 - 00708616 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2015-07-17 20:01 - 2013-10-10 17:26 - 00317616 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-17 20:01 - 2013-10-10 17:26 - 00104320 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-07-17 20:01 - 2013-10-10 15:53 - 00235960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-17 20:01 - 2013-10-10 15:53 - 00088272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-07-17 20:01 - 2013-10-10 12:53 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-07-17 20:01 - 2013-10-10 12:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-17 20:01 - 2013-10-10 12:26 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-17 20:01 - 2013-10-10 12:21 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-07-17 20:01 - 2013-10-10 12:05 - 01019392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-17 20:01 - 2013-10-10 11:34 - 01085952 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2015-07-17 20:01 - 2013-10-10 11:27 - 00869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2015-07-17 20:01 - 2013-10-08 11:28 - 00523096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2015-07-17 20:01 - 2013-10-08 07:46 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2015-07-17 20:01 - 2013-10-08 06:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2015-07-17 20:01 - 2013-10-08 06:50 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-07-17 20:01 - 2013-10-08 06:48 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-07-17 20:01 - 2013-10-08 06:15 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-07-17 20:01 - 2013-10-08 06:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2015-07-17 20:01 - 2013-10-08 05:50 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-07-17 20:01 - 2013-10-08 05:50 - 00762368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2015-07-17 20:01 - 2013-10-07 08:21 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-17 20:01 - 2013-10-07 03:13 - 03532288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-17 20:01 - 2013-10-05 16:25 - 00057176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2015-07-17 20:01 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-07-17 20:01 - 2013-10-05 15:21 - 00699840 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-07-17 20:01 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-07-17 20:01 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-07-17 20:01 - 2013-10-05 13:05 - 00578952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-07-17 20:01 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-07-17 20:01 - 2013-10-05 12:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-07-17 20:01 - 2013-10-05 10:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-07-17 20:01 - 2013-10-05 10:18 - 01011712 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-07-17 20:01 - 2013-10-05 10:07 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2015-07-17 20:01 - 2013-10-05 09:56 - 01147904 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-07-17 20:01 - 2013-10-05 09:55 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2015-07-17 20:01 - 2013-10-05 09:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-07-17 20:01 - 2013-10-05 09:24 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2015-07-17 20:01 - 2013-10-05 09:21 - 00920064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-07-17 20:01 - 2013-10-05 09:15 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2015-07-17 20:01 - 2013-10-05 08:43 - 00578560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2015-07-17 20:01 - 2013-10-05 08:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-07-17 20:01 - 2013-10-04 09:10 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2015-07-17 20:01 - 2013-09-17 10:06 - 01067080 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2015-07-17 20:01 - 2013-09-17 10:06 - 00465960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-07-17 20:01 - 2013-09-17 08:01 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-07-17 20:01 - 2013-09-17 07:31 - 00883184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2015-07-17 20:01 - 2013-09-17 07:31 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-07-17 20:01 - 2013-09-17 05:37 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2015-07-17 20:01 - 2013-09-14 15:07 - 02134120 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2015-07-17 20:01 - 2013-09-14 15:00 - 00391512 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2015-07-17 20:01 - 2013-09-14 13:39 - 01799944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2015-07-17 20:01 - 2013-09-14 13:33 - 00345552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2015-07-17 20:01 - 2013-09-14 11:05 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2015-07-17 20:01 - 2013-09-14 10:11 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2015-07-17 20:01 - 2013-09-13 09:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2015-07-17 20:01 - 2013-09-13 08:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2015-07-17 20:01 - 2013-09-12 09:45 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-07-17 20:01 - 2013-09-12 09:08 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-07-17 20:01 - 2013-09-12 09:08 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-17 20:01 - 2013-09-12 09:02 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-07-17 20:01 - 2013-09-12 08:44 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-07-17 20:01 - 2013-09-12 08:37 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-07-17 20:01 - 2013-09-12 08:37 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2015-07-17 20:01 - 2013-09-12 08:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-07-17 20:01 - 2013-09-12 08:16 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-07-17 20:01 - 2013-09-12 08:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-07-17 20:01 - 2013-09-10 05:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\msched.dll
2015-07-17 20:00 - 2013-09-25 11:25 - 00783504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2015-07-17 20:00 - 2013-09-24 06:05 - 01245696 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-07-17 20:00 - 2013-09-21 10:09 - 00796928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2015-07-17 20:00 - 2013-09-21 07:33 - 11366912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2015-07-17 20:00 - 2013-09-21 06:56 - 08712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2015-07-17 20:00 - 2013-09-21 06:34 - 01555456 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2015-07-17 20:00 - 2013-09-21 06:10 - 12028416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-17 20:00 - 2013-09-21 05:44 - 01662464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-07-17 19:59 - 2013-09-26 10:20 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
2015-07-17 19:59 - 2013-09-26 08:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2015-07-17 19:59 - 2013-09-26 08:14 - 00528896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2015-07-17 19:59 - 2013-09-26 07:51 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-07-17 19:59 - 2013-09-26 07:34 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2015-07-17 19:59 - 2013-09-26 07:34 - 00515072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmIndexer.dll
2015-07-17 19:59 - 2013-09-25 09:58 - 00648648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2015-07-17 19:59 - 2013-09-25 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2015-07-17 19:59 - 2013-09-25 06:40 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2015-07-17 19:59 - 2013-09-24 07:55 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2015-07-17 19:59 - 2013-09-24 06:59 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2015-07-17 19:59 - 2013-09-24 06:54 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-07-17 19:59 - 2013-09-24 06:10 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-07-17 19:59 - 2013-09-24 04:56 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll
2015-07-17 19:59 - 2013-09-21 13:10 - 00579416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-07-17 19:59 - 2013-09-21 13:10 - 00236376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-07-17 19:59 - 2013-09-21 13:10 - 00151384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-07-17 19:59 - 2013-09-21 12:50 - 00528048 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-07-17 19:59 - 2013-09-21 12:48 - 00534048 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-07-17 19:59 - 2013-09-21 12:48 - 00123480 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-17 19:59 - 2013-09-21 11:56 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-17 19:59 - 2013-09-21 11:53 - 01534504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-17 19:59 - 2013-09-21 11:53 - 00996320 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2015-07-17 19:59 - 2013-09-21 11:53 - 00934856 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2015-07-17 19:59 - 2013-09-21 11:53 - 00366688 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2015-07-17 19:59 - 2013-09-21 11:45 - 00171968 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-17 19:59 - 2013-09-21 10:23 - 00427096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-07-17 19:59 - 2013-09-21 10:23 - 00098104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-07-17 19:59 - 2013-09-21 10:12 - 01092896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-17 19:59 - 2013-09-21 10:09 - 00312936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2015-07-17 19:59 - 2013-09-21 08:58 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-07-17 19:59 - 2013-09-21 08:57 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-17 19:59 - 2013-09-21 08:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-07-17 19:59 - 2013-09-21 08:50 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-07-17 19:59 - 2013-09-21 08:17 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2015-07-17 19:59 - 2013-09-21 07:55 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-07-17 19:59 - 2013-09-21 07:01 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2015-07-17 19:59 - 2013-09-21 06:59 - 00940544 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-17 19:59 - 2013-09-21 06:57 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\livessp.dll
2015-07-17 19:59 - 2013-09-21 06:43 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-07-17 19:59 - 2013-09-21 06:38 - 00365568 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-07-17 19:59 - 2013-09-21 06:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-17 19:59 - 2013-09-21 06:31 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-17 19:59 - 2013-09-21 06:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-07-17 19:59 - 2013-09-21 06:20 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2015-07-17 19:59 - 2013-09-21 06:09 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2015-07-17 19:59 - 2013-09-21 06:05 - 08875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-17 19:59 - 2013-09-21 06:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2015-07-17 19:59 - 2013-09-21 05:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2015-07-17 19:59 - 2013-09-21 05:39 - 01455616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-07-17 19:59 - 2013-09-21 05:38 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2015-07-17 19:59 - 2013-09-21 05:38 - 00102400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2015-07-17 19:59 - 2013-09-21 05:37 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2015-07-17 19:59 - 2013-09-21 05:36 - 01185280 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2015-07-17 19:59 - 2013-09-19 08:19 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersRes.dll
2015-07-17 19:59 - 2013-09-19 07:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2015-07-17 19:59 - 2013-09-19 07:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2015-07-17 19:59 - 2013-09-19 07:23 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WorkFoldersRes.dll
2015-07-17 19:59 - 2013-09-19 07:17 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2015-07-17 19:59 - 2013-09-19 06:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.dll
2015-07-17 19:59 - 2013-09-19 06:29 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2015-07-17 19:59 - 2013-09-19 06:08 - 01150976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-07-17 19:59 - 2013-09-19 06:01 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2015-07-17 19:59 - 2013-09-19 05:37 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-07-17 19:59 - 2013-09-19 05:32 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2015-07-17 19:59 - 2013-09-19 05:27 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2015-07-17 19:59 - 2013-09-19 05:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2015-07-17 19:59 - 2013-09-19 05:25 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-07-17 19:59 - 2013-09-19 05:11 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
2015-07-17 19:59 - 2013-09-19 05:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2015-07-17 19:59 - 2013-09-19 04:59 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2015-07-17 19:59 - 2013-09-19 04:55 - 00552448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2015-07-17 19:59 - 2013-09-19 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-07-17 19:59 - 2013-09-19 04:32 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-07-17 19:59 - 2013-09-17 10:18 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-07-17 19:59 - 2013-09-17 07:58 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-17 19:59 - 2013-09-17 06:26 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-17 19:59 - 2013-09-17 06:15 - 01225728 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-07-17 19:59 - 2013-09-17 06:00 - 00453632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2015-07-17 19:59 - 2013-09-17 05:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-07-17 19:59 - 2013-09-17 05:08 - 00738304 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2015-07-17 19:59 - 2013-09-17 04:28 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2015-07-17 19:59 - 2013-09-14 15:06 - 00175960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VerifierExt.sys
2015-07-17 19:59 - 2013-09-14 15:06 - 00066904 _____ (Microsoft Corporation) C:\Windows\system32\PSHED.DLL
2015-07-17 19:59 - 2013-09-14 12:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-07-17 19:59 - 2013-09-13 13:14 - 00872328 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-07-17 19:59 - 2013-09-13 11:52 - 00698232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-07-17 19:59 - 2013-09-13 10:52 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\SensorsClassExtension.dll
2015-07-17 19:59 - 2013-09-13 09:54 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2015-07-17 19:59 - 2013-09-13 09:10 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2015-07-17 19:59 - 2013-09-13 08:55 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2015-07-17 19:59 - 2013-09-13 08:30 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2015-07-17 19:59 - 2013-09-12 08:37 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2015-07-17 19:59 - 2013-09-11 10:31 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2015-07-17 19:59 - 2013-09-11 10:31 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-07-17 19:59 - 2013-09-11 08:41 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2015-07-17 19:59 - 2013-09-11 08:09 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2015-07-17 19:59 - 2013-09-07 13:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\fdprint.dll
2015-07-17 19:59 - 2013-09-07 13:29 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2015-07-17 19:59 - 2013-09-07 13:00 - 00256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdprint.dll
2015-07-17 19:59 - 2013-09-07 12:50 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2015-07-17 19:59 - 2013-09-07 12:45 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2015-07-17 19:59 - 2013-09-07 12:30 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2015-07-17 19:59 - 2013-09-07 12:22 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CryptoWinRT.dll
2015-07-17 19:59 - 2013-09-07 12:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2015-07-17 19:59 - 2013-09-07 12:07 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\TetheringMgr.dll
2015-07-17 19:59 - 2013-09-07 11:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2015-07-17 19:59 - 2013-09-07 11:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2015-07-17 19:59 - 2013-09-05 08:39 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-07-17 19:59 - 2013-09-05 07:42 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe
2015-07-17 19:59 - 2013-09-05 06:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Utilman.exe
2015-07-17 19:59 - 2013-09-04 08:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2015-07-17 19:59 - 2013-09-04 07:16 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2015-07-17 19:59 - 2013-09-04 06:47 - 00492032 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2015-07-17 19:59 - 2013-09-04 06:12 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\DscCoreConfProv.dll
2015-07-17 19:59 - 2013-09-04 05:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2015-07-17 19:59 - 2013-09-04 05:48 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2015-07-17 19:59 - 2013-09-04 05:35 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2015-07-17 19:59 - 2013-08-31 15:18 - 00205024 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2015-07-17 19:59 - 2013-08-31 13:15 - 00180232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2015-07-17 19:59 - 2013-08-31 13:04 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2015-07-17 19:59 - 2013-08-31 11:46 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2015-07-17 19:59 - 2013-08-31 11:00 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-17 19:59 - 2013-08-31 10:25 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-17 19:59 - 2013-08-30 08:31 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2015-07-17 19:59 - 2013-08-28 08:55 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2015-07-17 19:59 - 2013-08-28 08:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2015-07-17 19:59 - 2013-08-28 08:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2015-07-17 19:59 - 2013-08-27 07:09 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2015-07-17 19:59 - 2013-08-27 06:24 - 00813568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2015-07-17 19:58 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-17 19:58 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-17 19:58 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-17 19:58 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-17 19:58 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-17 19:58 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-17 19:58 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-17 19:58 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-17 19:58 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-17 19:58 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-17 19:58 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-17 19:58 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-17 19:58 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-17 19:58 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-17 19:58 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-17 19:58 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-17 19:58 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-17 19:58 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-17 19:58 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-17 19:58 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-17 19:58 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-17 19:58 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-17 19:58 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-17 19:58 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-17 19:58 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-17 19:58 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-17 19:58 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-17 19:58 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-17 19:58 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-17 19:58 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-17 19:58 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-17 19:58 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-17 19:58 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-17 19:58 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-17 19:58 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-17 19:58 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-17 19:58 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-17 19:58 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-17 19:58 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-07-17 19:58 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-07-17 19:58 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2015-07-17 19:58 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-07-17 19:58 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-07-17 19:58 - 2014-01-04 15:03 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-07-17 19:58 - 2014-01-04 14:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-07-17 19:58 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-07-17 19:58 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-07-17 19:58 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-07-17 19:58 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-07-17 19:58 - 2013-12-21 03:10 - 00009701 _____ C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2015-07-17 19:58 - 2013-12-21 03:10 - 00009701 _____ C:\Windows\system32\connectedsearch-results.searchconnector-ms
2015-07-17 19:58 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-17 19:58 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-17 19:58 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-17 19:58 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-07-17 19:58 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2015-07-17 19:58 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-07-17 19:58 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-17 19:58 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-07-17 19:58 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-07-17 19:58 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-07-17 19:58 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2015-07-17 19:58 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2015-07-17 19:58 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-07-17 19:58 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-07-17 19:58 - 2013-10-16 16:58 - 01943536 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-17 19:58 - 2013-10-16 14:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-17 19:58 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-07-17 19:58 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-07-17 19:58 - 2013-10-13 03:48 - 00136536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-07-17 19:58 - 2013-10-12 22:48 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-07-17 19:58 - 2013-10-12 22:34 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-07-17 19:58 - 2013-10-05 15:21 - 01341288 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-17 19:58 - 2013-10-05 09:39 - 01067008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-17 19:58 - 2013-10-03 10:16 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2015-07-17 19:58 - 2013-10-03 10:02 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2015-07-17 19:58 - 2013-10-02 12:00 - 01286552 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-17 19:58 - 2013-10-02 10:47 - 01018960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-07-17 19:58 - 2013-10-01 04:42 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2015-07-17 19:58 - 2013-10-01 04:36 - 00977408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2015-07-17 19:53 - 2015-07-17 19:53 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\Origin
2015-07-17 19:53 - 2015-07-17 19:53 - 00000000 ____D C:\Users\Proxima\AppData\Local\Origin
2015-07-17 19:52 - 2015-07-17 19:53 - 00000000 ____D C:\ProgramData\Origin
2015-07-17 19:52 - 2015-07-17 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-07-17 19:52 - 2015-07-17 19:52 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-07-17 19:48 - 2015-07-17 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Standard Mouse Driver
2015-07-17 19:47 - 2015-07-17 19:48 - 00000000 ____D C:\Program Files (x86)\Standard Mouse Driver
2015-07-17 19:44 - 2015-07-17 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2015-07-17 19:44 - 2015-07-17 19:44 - 00000000 ____D C:\Program Files\ShareX
2015-07-17 19:27 - 2015-07-17 19:27 - 00000000 ____D C:\Users\Proxima\AppData\Local\Steam
2015-07-17 19:27 - 2015-07-17 19:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-17 19:26 - 2015-07-17 19:26 - 00000000 ____D C:\ProgramData\Binary Fortress Software
2015-07-17 19:19 - 2015-07-18 18:19 - 00000000 ____D C:\Users\Proxima\AppData\Local\DisplayFusion
2015-07-17 19:19 - 2015-07-17 19:26 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\DisplayFusion
2015-07-17 19:19 - 2015-07-17 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2015-07-17 19:11 - 2015-07-17 19:11 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2015-07-17 19:10 - 2015-07-17 19:10 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\SYSTEMAX Software Development
2015-07-17 03:29 - 2015-07-16 19:08 - 00000000 ____D C:\Windows\Panther
2015-07-17 03:25 - 2015-07-17 03:28 - 00000000 ____D C:\$WINDOWS.~LS
2015-07-17 03:25 - 2015-07-17 03:25 - 00000000 ____D C:\$WINDOWS.~BT
2015-07-16 22:21 - 2015-07-16 22:21 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\NVIDIA
2015-07-16 22:17 - 2015-07-16 22:17 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\IrfanView
2015-07-16 22:17 - 2015-07-16 22:17 - 00000000 ____D C:\Users\Proxima\AppData\Local\Apps\2.0
2015-07-16 22:13 - 2015-07-16 22:33 - 00000400 __RSH C:\ProgramData\ntuser.pol
2015-07-16 22:11 - 2015-07-17 19:38 - 00000000 ____D C:\Games Optimised
2015-07-16 22:10 - 2015-07-16 22:10 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\.atlauncher
2015-07-16 21:52 - 2015-07-16 21:52 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\Mozilla
2015-07-16 21:52 - 2015-07-16 21:52 - 00000000 ____D C:\Users\Proxima\AppData\Local\Mozilla
2015-07-16 21:51 - 2015-07-18 19:44 - 00000308 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Proxima.job
2015-07-16 21:51 - 2015-07-18 19:00 - 00002412 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Proxima
2015-07-16 21:51 - 2015-07-17 19:11 - 00000000 ____D C:\ProgramData\IObit
2015-07-16 21:51 - 2015-07-16 21:51 - 00001272 _____ C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-07-16 21:51 - 2015-07-16 21:51 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\ProductData
2015-07-16 21:51 - 2015-07-16 21:51 - 00000000 ____D C:\ProgramData\ProductData
2015-07-16 21:51 - 2015-07-16 21:51 - 00000000 ____D C:\Program Files (x86)\IObit
2015-07-16 21:51 - 2015-07-16 21:51 - 00000000 _____ C:\Users\Proxima\AppData\Local\Temp.dat
2015-07-16 21:51 - 2014-04-15 16:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-07-16 21:51 - 2014-04-15 16:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-07-16 21:50 - 2015-07-17 23:00 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\Notepad++
2015-07-16 21:50 - 2015-07-16 21:51 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\IObit
2015-07-16 21:50 - 2015-07-16 21:50 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-16 21:50 - 2015-07-16 21:50 - 00003810 _____ C:\Windows\System32\Tasks\klcp_update
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\ProgramData\Sun
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Program Files\VideoLAN
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Program Files\Java
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Program Files\7-Zip
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Program Files (x86)\PuTTY
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-07-16 21:50 - 2015-07-16 21:50 - 00000000 ____D C:\Program Files (x86)\IrfanView
2015-07-16 21:50 - 2015-07-16 21:49 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-16 21:49 - 2015-07-16 21:49 - 00000000 ____D C:\ProgramData\Oracle
2015-07-16 21:49 - 2015-07-16 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-16 21:49 - 2015-07-16 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-16 21:49 - 2015-07-16 21:49 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-16 21:48 - 2015-07-16 21:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-16 21:48 - 2015-07-16 21:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-16 21:44 - 2015-07-16 21:44 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-07-16 21:44 - 2015-07-16 21:44 - 00000000 ____D C:\Users\Proxima\AppData\Local\Secunia PSI
2015-07-16 21:44 - 2015-07-16 21:44 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-07-16 21:38 - 2015-07-05 11:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-16 21:29 - 2015-07-18 19:40 - 00000000 ____D C:\Users\Proxima\AppData\Local\ClassicShell
2015-07-16 21:29 - 2015-07-16 21:29 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\ClassicShell
2015-07-16 21:29 - 2015-07-16 21:29 - 00000000 ____D C:\ProgramData\Adobe
2015-07-16 21:27 - 2015-07-16 21:27 - 00000000 ____D C:\Program Files\Classic Shell
2015-07-16 21:24 - 2015-07-16 21:24 - 00011776 _____ (http://winaero.com) C:\Windows\skipmetrosuite.exe
2015-07-16 21:10 - 2015-07-17 23:21 - 00000000 ____D C:\Program Files (x86)\RocketDock
2015-07-16 21:02 - 2015-07-16 21:02 - 00000000 ____D C:\Users\Proxima\AppData\Local\Stardock
2015-07-16 20:56 - 2015-07-16 21:26 - 00000000 ____D C:\ProgramData\Stardock
2015-07-16 20:41 - 2015-07-16 20:41 - 00000000 ____D C:\ProgramData\13714622516060883452
2015-07-16 20:40 - 2015-07-17 20:40 - 00000420 _____ C:\Windows\Tasks\TouchCode.job
2015-07-16 20:40 - 2015-07-16 20:40 - 00003310 _____ C:\Windows\System32\Tasks\TouchCode
2015-07-16 20:14 - 2015-07-18 19:23 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-16 20:14 - 2015-07-16 20:14 - 00000000 ____D C:\Users\Proxima\AppData\Local\NVIDIA Corporation
2015-07-16 20:14 - 2015-07-16 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-16 20:14 - 2015-06-17 10:10 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-07-16 20:14 - 2015-06-17 10:10 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-07-16 20:14 - 2015-06-17 10:10 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-07-16 20:14 - 2015-06-17 10:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-07-16 20:14 - 2015-06-17 10:10 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-07-16 20:14 - 2015-06-17 10:10 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-07-16 20:14 - 2015-06-17 07:48 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-07-16 20:14 - 2015-06-17 07:48 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-07-16 20:14 - 2015-06-17 07:48 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-07-16 20:14 - 2015-06-17 07:48 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-07-16 20:14 - 2015-06-17 07:48 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-07-16 20:14 - 2015-06-17 07:48 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-07-16 20:14 - 2015-06-17 07:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-16 20:14 - 2015-06-02 15:11 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-07-16 20:14 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-07-16 20:14 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-07-16 20:14 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-07-16 20:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-07-16 20:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-07-16 20:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-07-16 20:13 - 2015-07-16 20:14 - 00000000 ____D C:\Users\Proxima\AppData\Local\NVIDIA
2015-07-16 20:13 - 2015-07-16 20:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-16 20:13 - 2015-06-17 10:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-16 20:13 - 2015-06-17 10:10 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-16 20:13 - 2015-06-17 10:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00061616 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-16 20:13 - 2015-06-17 10:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-16 20:13 - 2015-06-17 10:10 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-07-16 20:12 - 2015-07-16 20:12 - 00000000 ____D C:\NVIDIA
2015-07-16 19:21 - 2015-07-16 19:21 - 00007784 _____ C:\Windows\DPINST.LOG
2015-07-16 19:21 - 2015-07-16 19:21 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2015-07-16 19:20 - 2015-07-16 19:20 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-07-16 19:20 - 2015-07-16 19:20 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-07-16 19:20 - 2015-07-16 19:20 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-07-16 19:20 - 2015-07-16 19:20 - 00000000 ____D C:\Program Files\Realtek
2015-07-16 19:20 - 2013-10-07 22:02 - 03680728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-07-16 19:20 - 2013-10-07 19:22 - 00664465 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-07-16 19:20 - 2013-10-07 16:22 - 00150744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-07-16 19:20 - 2013-10-07 11:05 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-07-16 19:20 - 2013-10-02 17:28 - 02586840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-07-16 19:20 - 2013-10-02 17:10 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-07-16 19:20 - 2013-10-02 14:04 - 33917440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-07-16 19:20 - 2013-10-02 09:43 - 00754488 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMSettingsIPC.dll
2015-07-16 19:20 - 2013-10-02 09:39 - 05538072 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMlfx.dll
2015-07-16 19:20 - 2013-09-28 00:50 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-07-16 19:20 - 2013-09-26 16:11 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-07-16 19:20 - 2013-09-13 18:44 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-07-16 19:20 - 2013-09-10 04:02 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-07-16 19:20 - 2013-09-10 04:02 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-07-16 19:20 - 2013-09-10 04:01 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-07-16 19:20 - 2013-09-10 04:01 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-07-16 19:20 - 2013-09-09 15:32 - 05681192 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-07-16 19:20 - 2013-08-24 03:14 - 01014016 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-07-16 19:20 - 2013-08-24 03:14 - 00897792 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-07-16 19:20 - 2013-08-24 03:14 - 00722688 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-07-16 19:20 - 2013-08-24 03:14 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-07-16 19:20 - 2013-08-20 17:37 - 00605496 _____ C:\Windows\system32\audioLibVc.dll
2015-07-16 19:20 - 2013-08-14 16:36 - 01325312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-07-16 19:20 - 2013-08-14 16:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-07-16 19:20 - 2013-08-14 16:35 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-07-16 19:20 - 2013-08-14 16:35 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-07-16 19:20 - 2013-08-14 16:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-07-16 19:20 - 2013-08-07 17:41 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-07-16 19:20 - 2013-08-07 17:34 - 00765184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-07-16 19:20 - 2013-08-06 09:47 - 00947248 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-07-16 19:20 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-07-16 19:20 - 2013-07-28 10:48 - 27518208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-07-16 19:20 - 2013-07-24 10:07 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-07-16 19:20 - 2013-07-23 15:40 - 03610880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-07-16 19:20 - 2013-07-23 15:40 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-07-16 19:20 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-07-16 19:20 - 2013-07-23 15:39 - 01916672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-07-16 19:20 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-07-16 19:20 - 2013-07-23 15:39 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2015-07-16 19:20 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-07-16 19:20 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-07-16 19:20 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-07-16 19:20 - 2013-06-21 11:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2015-07-16 19:20 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-07-16 19:20 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-07-16 19:20 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-07-16 19:20 - 2012-10-02 14:41 - 00501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-07-16 19:20 - 2012-10-02 14:41 - 00487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-07-16 19:20 - 2012-10-02 14:41 - 00415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-07-16 19:20 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-07-16 19:20 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-07-16 19:20 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-07-16 19:20 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-07-16 19:20 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-07-16 19:20 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-07-16 19:20 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-07-16 19:20 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-07-16 19:20 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-07-16 19:20 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-07-16 19:20 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-07-16 19:20 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-07-16 19:20 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-07-16 19:20 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-07-16 19:20 - 2011-08-11 16:55 - 00001332 _____ C:\Windows\system32\Drivers\DTSU2P.DAT
2015-07-16 19:20 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-07-16 19:20 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-07-16 19:20 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-07-16 19:20 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-07-16 19:20 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-07-16 19:20 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-07-16 19:20 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-07-16 19:20 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-07-16 19:20 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-07-16 19:20 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-07-16 19:20 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-07-16 19:20 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-07-16 19:20 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-07-16 19:20 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-07-16 19:20 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-07-16 19:20 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-07-16 19:20 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-07-16 19:19 - 2015-07-16 19:19 - 00001769 _____ C:\Windows\Language_trs.ini
2015-07-16 19:18 - 2013-06-21 17:35 - 00816344 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-07-16 19:18 - 2013-06-21 17:35 - 00074456 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-07-16 19:17 - 2015-07-17 19:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-16 19:17 - 2015-07-16 19:20 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-07-16 19:16 - 2015-07-16 19:16 - 00000000 ____D C:\Windows\SysWOW64\Drivers\MFDLL
2015-07-16 19:16 - 2015-07-16 19:16 - 00000000 ____D C:\ProgramData\ASUS
2015-07-16 19:16 - 2015-07-16 19:16 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-07-16 19:16 - 2012-08-22 17:54 - 00015232 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2015-07-16 19:16 - 2010-06-29 15:41 - 00028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2015-07-16 19:16 - 2008-01-04 13:34 - 00011832 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2015-07-16 19:16 - 2008-01-04 13:34 - 00010216 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2015-07-16 19:15 - 2015-07-16 20:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-16 19:15 - 2015-07-16 20:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-16 19:15 - 2015-07-16 20:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-16 19:14 - 2015-07-16 19:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_LcUvcUpper_01011.Wdf
2015-07-16 19:14 - 2015-07-16 19:14 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2015-07-16 19:14 - 2015-07-16 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2015-07-16 19:13 - 2015-07-18 19:42 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 19:13 - 2015-07-18 19:07 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1345023895-3421161898-3976837730-1001
2015-07-16 19:11 - 2015-07-16 19:11 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\Macromedia
2015-07-16 19:10 - 2015-07-16 19:10 - 00000000 ____D C:\Windows\CSC
2015-07-16 19:08 - 2015-07-17 23:15 - 00000000 ____D C:\Users\Proxima
2015-07-16 19:08 - 2015-07-17 20:40 - 00000000 ____D C:\Users\Proxima\AppData\Local\VirtualStore
2015-07-16 19:08 - 2015-07-16 21:29 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\Adobe
2015-07-16 19:08 - 2015-07-16 19:08 - 00001446 _____ C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-16 19:08 - 2015-07-16 19:08 - 00000020 ___SH C:\Users\Proxima\ntuser.ini
2015-07-16 19:08 - 2015-07-16 19:08 - 00000000 ____D C:\Users\Proxima\AppData\Local\Packages
2015-07-16 19:08 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-16 19:08 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-16 19:08 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-16 19:08 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Proxima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-16 19:05 - 2015-07-16 19:05 - 00003706 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-07-16 19:05 - 2015-07-16 19:05 - 00000000 ____D C:\Program Files\KMSpico
2015-07-16 19:01 - 2015-07-18 19:24 - 01460617 _____ C:\Windows\WindowsUpdate.log
2015-07-16 18:39 - 2013-08-22 06:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-07-16 18:35 - 2015-07-16 18:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-07-16 18:34 - 2015-07-18 19:09 - 00052118 _____ C:\Windows\PFRO.log
2015-06-27 13:29 - 2015-06-27 13:29 - 00289008 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper64.dll
2015-06-27 13:29 - 2015-06-27 13:29 - 00248048 _____ (IvoSoft) C:\Windows\SysWOW64\StartMenuHelper32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 19:24 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-18 19:18 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-18 19:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-18 15:25 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\DesktopTileResources
2015-07-18 15:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Web
2015-07-18 15:25 - 2013-08-22 15:44 - 00348888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 23:14 - 2013-08-22 20:11 - 00000000 ____D C:\Windows\ShellNew
2015-07-17 23:11 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\MediaViewer
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\FileManager
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Camera
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-17 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-17 20:37 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-17 20:37 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\oobe
2015-07-17 20:37 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Dism
2015-07-17 20:27 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-17 03:29 - 2013-08-22 16:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-07-16 22:13 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-16 22:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-16 21:39 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-16 20:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Help
2015-07-16 20:14 - 2013-08-22 15:46 - 00009599 _____ C:\Windows\setupact.log
2015-07-16 19:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\restore
2015-07-16 19:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-16 19:08 - 2013-08-22 15:45 - 00000000 ____D C:\Windows\Setup
 
==================== Files in the root of some directories =======
 
2015-07-16 21:51 - 2015-07-16 21:51 - 0000000 _____ () C:\Users\Proxima\AppData\Local\Temp.dat
2015-07-16 19:20 - 2015-07-16 19:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-17 18:08 - 2015-07-17 18:08 - 0019535 _____ () C:\ProgramData\empty.ico
 
Some files in TEMP:
====================
C:\Users\Proxima\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Proxima\AppData\Local\Temp\nvStInst.exe
C:\Users\Proxima\AppData\Local\Temp\Quarantine.exe
C:\Users\Proxima\AppData\Local\Temp\ShareX-10.0.0-setup.exe
C:\Users\Proxima\AppData\Local\Temp\sqlite3.dll
C:\Users\Proxima\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-16 18:34
 

 

==================== End of log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:16 AM

Posted 19 July 2015 - 08:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1345023895-3421161898-3976837730-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\tiletabs@DW-dev.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\s3download@statusbar.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\omnibar@ajitk.com.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [not found]
FF Extension: No Name - C:\Program Files\Waterfox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Evernote Web) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-07-17]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Task: {AA8AC6C9-7E21-41EA-9E1E-BA724B4167E1} - System32\Tasks\TouchCode => c:\programdata\{e0a5d1fa-fe34-f0f1-e0a5-5d1fafe347eb}\stardock_start8_1.41_repack_by_painter.exe <==== ATTENTION
Task: C:\Windows\Tasks\TouchCode.job => c:\programdata\{e0a5d1fa-fe34-f0f1-e0a5-5d1fafe347eb}\stardock_start8_1.41_repack_by_painter.exe <==== ATTENTION
C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
C:\Program Files\KMSpico
c:\programdata\{e0a5d1fa-fe34-f0f1-e0a5-5d1fafe347eb}\stardock_start8_1.41_repack_by_painter.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 Proxima

Proxima
  • Topic Starter

Posted 19 July 2015 - 09:42 AM

Here's my log
 
 
Fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Proxima at 2015-07-19 15:39:36 Run:1
Running from C:\Users\Proxima\Desktop
Loaded Profiles: Proxima (Available Profiles: Proxima)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1345023895-3421161898-3976837730-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\tiletabs@DW-dev.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\s3download@statusbar.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\omnibar@ajitk.com.xpi [not found]
FF Extension: No Name - C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [not found]
FF Extension: No Name - C:\Program Files\Waterfox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Evernote Web) - C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-07-17]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Task: {AA8AC6C9-7E21-41EA-9E1E-BA724B4167E1} - System32\Tasks\TouchCode => c:\programdata\{e0a5d1fa-fe34-f0f1-e0a5-5d1fafe347eb}\stardock_start8_1.41_repack_by_painter.exe <==== ATTENTION
Task: C:\Windows\Tasks\TouchCode.job => c:\programdata\{e0a5d1fa-fe34-f0f1-e0a5-5d1fafe347eb}\stardock_start8_1.41_repack_by_painter.exe <==== ATTENTION
C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
C:\Program Files\KMSpico
c:\programdata\{e0a5d1fa-fe34-f0f1-e0a5-5d1fafe347eb}\stardock_start8_1.41_repack_by_painter.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1345023895-3421161898-3976837730-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi not found.
C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\tiletabs@DW-dev.xpi not found.
C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\s3download@statusbar.xpi not found.
C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\omnibar@ajitk.com.xpi not found.
C:\Users\Proxima\AppData\Roaming\Mozilla\Firefox\Profiles\paqwrqp2.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} not found.
C:\Program Files\Waterfox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol => moved successfully.
Service KMSELDI => Service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA8AC6C9-7E21-41EA-9E1E-BA724B4167E1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA8AC6C9-7E21-41EA-9E1E-BA724B4167E1}" => key removed successfully
C:\Windows\System32\Tasks\TouchCode => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TouchCode" => key removed successfully
C:\Windows\Tasks\TouchCode.job => moved successfully.
"C:\Users\Proxima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol" => File/Folder not found.
C:\Program Files\KMSpico => moved successfully.
"c:\programdata\{e0a5d1fa-fe34-f0f1-e0a5-5d1fafe347eb}\stardock_start8_1.41_repack_by_painter.exe" => File/Folder not found.
EmptyTemp: => 2.2 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 15:40:00 ====


#4 nasdaq

Posted 20 July 2015 - 07:34 AM

How is the computer running now?

#5 Proxima

Proxima
  • Topic Starter

Posted 20 July 2015 - 12:03 PM

It's still slowing down. Had a random complete shut off of the PC today as well.



#6 nasdaq

Posted 20 July 2015 - 01:02 PM

Let's see what else we can find.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#7 nasdaq

Posted 26 July 2015 - 07:34 AM

Are you still with me?

#8 nasdaq

Posted 01 August 2015 - 10:53 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



