Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Persistent Malware?


  • This topic is locked This topic is locked
16 replies to this topic

#1 dave89

dave89

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 17 August 2015 - 10:31 PM

Hello I was directed here from my previous thread.

 

This all started when I stupidly decided to search for movies illegally online. I didn't notice any symptoms at first, but my laptop seemed unusually slow and seemed to get memory errors more often as well as internet disconnections. When I checked task manager, the process "System" was nearly taking up a gig of memory. I ran Norton, Malwarebytes and a scanner from Microsoft to no avail. After that I ran Malwarebytes' rootkit scanner, but what had infected my system prevented me from running it and corrupted the exe file somehow. When I redownloaded and ran it on safe mode it picked up 3 objects which were removed. I would list them here, but I forgot to back up the log before I reformatted my computer. The problems persisted so I ended up reinstalling windows with a bootable usb created on the infected machine.

 

Windows ran normally again at first, but the problems resurfaced shortly after. I ran the rootkit scanner again and it picked up six objects (listed here). Even after they were removed the problems still persisted: the system process again bloated up and my laptop's fan was running at an abnormally high rpm with nothing running. Further scans with AVs turned up nothing as usual. The system process mysteriously corrected its memory a few hours ago, but I'm still not sure if the malware is dealt with. I will add any additional details on request.

 

Thanks in advance.

 

FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by David (administrator) on DESKTOP-RMJTNP7 (17-08-2015 20:55:08)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\ns.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\ns.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8504064 2015-08-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-08-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369248 2015-07-21] (Microsoft Corp.)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1024824120-419913284-123492822-1001\...\Run: [OneDrive] => C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-08-15] (Microsoft Corporation)
HKU\S-1-5-21-1024824120-419913284-123492822-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1024824120-419913284-123492822-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1024824120-419913284-123492822-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\..\Interfaces\{61e731a1-855a-47c5-8d3d-72de963d8f6a}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn [2015-08-17]
 
Chrome: 
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-15]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-15]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-15]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-08-15]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-15]
CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-08-15]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-15]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-15]
CHR Extension: (Cut the Rope) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2015-08-15]
CHR Extension: (Norton Identity Safe) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-15]
CHR Extension: (ReChat for Twitch™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2015-08-15]
CHR Extension: (StayFocusd) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-08-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-15]
CHR Extension: (Skype Click to Call) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-16]
CHR Extension: (Norton Safe) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-15]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2015-07-21] (Microsoft Corp.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-07-22] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-07-21] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-07-23] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-08-15] (Intel Corporation)
S3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.2.15\NS.exe [282016 2015-07-16] (Symantec Corporation)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [988672 2015-08-02] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-15] (Realtek Semiconductor)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-07-11] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-07-23] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-07-23] (Microsoft Corporation)
S3 UnistoreSvc_Session1; C:\Windows\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
S3 UserDataSvc_Session1; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc_Session1; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150810.001\BHDrvx64.sys [1650936 2015-08-10] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
S3 EagleX64; C:\Windows\system32\drivers\EagleX64.sys [174728 2015-08-17] (AhnLab, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-08-14] (Symantec Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150814.002\IDSvia64.sys [692984 2015-08-14] (Symantec Corporation)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150817.001\ENG64.SYS [138488 2015-08-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150817.001\EX64.SYS [2146040 2015-08-14] (Symantec Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-08-15] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-05-29] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-07-13] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 20:55 - 2015-08-17 20:55 - 00022270 _____ C:\Users\David\Desktop\FRST.txt
2015-08-17 20:36 - 2015-08-17 20:36 - 16563304 _____ (Malwarebytes Corp.) C:\Users\David\Downloads\mbar-1.09.2.1008.exe
2015-08-17 20:27 - 2015-08-17 20:27 - 00016148 _____ C:\Windows\system32\DESKTOP-RMJTNP7_David_HistoryPrediction.bin
2015-08-17 19:50 - 2015-08-17 19:50 - 00025651 _____ C:\Users\David\Downloads\Addition.txt
2015-08-17 19:49 - 2015-08-17 20:55 - 00000000 ____D C:\FRST
2015-08-17 19:49 - 2015-08-17 19:50 - 00132956 _____ C:\Users\David\Downloads\FRST.txt
2015-08-17 19:34 - 2015-08-17 19:34 - 00092447 _____ C:\Users\David\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs.html
2015-08-17 19:34 - 2015-08-17 19:34 - 00000000 ____D C:\Users\David\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs_files
2015-08-17 15:39 - 2015-08-17 15:39 - 00174728 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\EagleX64.sys
2015-08-16 18:22 - 2015-08-16 18:22 - 03761279 _____ C:\Users\David\Downloads\66326 RYO - Fantazindy.osz
2015-08-16 17:35 - 2015-08-16 17:36 - 02173440 _____ (Farbar) C:\Users\David\Desktop\frst64.exe
2015-08-16 16:27 - 2015-08-16 16:27 - 00000000 ____D C:\Windows\system32\SleepStudy
2015-08-16 10:20 - 2015-08-16 10:20 - 17295270 _____ C:\Users\David\Downloads\Samsung_Magician_Setup_v46.zip
2015-08-16 10:15 - 2015-08-16 10:15 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-16 10:15 - 2015-08-16 10:15 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-16 10:15 - 2015-08-16 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-16 10:15 - 2015-08-16 10:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-16 10:15 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-16 10:15 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-16 09:44 - 2015-08-16 09:44 - 02880802 _____ C:\Users\David\Downloads\115729 SENEZ - Misplaced Shadow.osz
2015-08-16 09:12 - 2015-08-16 09:12 - 00511764 _____ C:\Users\David\Downloads\openhardwaremonitor-v0.7.1-beta.zip
2015-08-16 09:12 - 2015-08-16 09:12 - 00000000 ____D C:\Users\David\Downloads\openhardwaremonitor-v0.7.1-beta
2015-08-16 09:10 - 2015-08-16 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Samsung
2015-08-16 02:25 - 2015-08-16 02:25 - 00000000 ____D C:\Windows\pss
2015-08-16 02:12 - 2015-08-17 19:43 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2015-08-16 00:58 - 2015-08-16 00:58 - 10281800 _____ C:\Users\David\Downloads\NexonLauncherSetup (1).exe
2015-08-15 22:33 - 2015-08-15 22:33 - 00000000 ____D C:\Users\David\AppData\Local\NetworkTiles
2015-08-15 21:09 - 2015-08-15 21:09 - 00000000 ____D C:\Users\David\Tracing
2015-08-15 21:07 - 2015-08-17 20:52 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2015-08-15 21:07 - 2015-08-15 21:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-15 21:07 - 2015-08-15 21:07 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-15 21:07 - 2015-08-15 21:07 - 00000000 ____D C:\Users\David\AppData\Local\Skype
2015-08-15 21:07 - 2015-08-15 21:07 - 00000000 ____D C:\ProgramData\Skype
2015-08-15 21:07 - 2015-08-15 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-15 21:06 - 2015-08-15 21:06 - 01385504 _____ (Skype Technologies S.A.) C:\Users\David\Downloads\SkypeSetup (1).exe
2015-08-15 18:58 - 2015-08-15 18:58 - 00102731 _____ C:\Users\David\Downloads\STREDIT.zip
2015-08-15 18:51 - 2015-08-15 18:51 - 00000000 ____D C:\Users\David\AppData\Roaming\Notepad++
2015-08-15 18:51 - 2015-08-15 18:51 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-08-15 18:51 - 2015-08-15 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-08-15 18:51 - 2015-08-15 18:51 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-08-15 18:50 - 2015-08-15 18:50 - 05621420 _____ C:\Users\David\Downloads\npp.6.8.1.Installer.exe
2015-08-15 18:48 - 2015-08-17 15:35 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B79D76BA-B6E9-4F14-A2C8-66E441D09CD8}
2015-08-15 18:29 - 2015-08-15 18:29 - 00000000 ____D C:\Users\David\Downloads\TakeOwnership
2015-08-15 18:20 - 2015-08-15 18:20 - 00000622 _____ C:\Users\David\Downloads\TakeOwnership.zip
2015-08-15 16:40 - 2015-08-15 16:40 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-08-15 16:40 - 2015-08-15 16:40 - 00000000 ____D C:\Users\David\AppData\Local\FluxSoftware
2015-08-15 16:39 - 2015-08-15 16:39 - 00597304 _____ C:\Users\David\Downloads\flux-setup.exe
2015-08-15 16:29 - 2015-08-17 19:26 - 00000000 ____D C:\Users\David\AppData\Local\osu!
2015-08-15 16:29 - 2015-08-15 16:29 - 00001021 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-08-15 16:25 - 2015-08-15 16:27 - 10518752 _____ (Microsoft Corporation) C:\Users\David\Downloads\BingDesktopSetup.exe
2015-08-15 16:21 - 2015-08-15 16:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-15 16:21 - 2015-08-15 16:21 - 00000000 ____D C:\Program Files\MSBuild
2015-08-15 16:21 - 2015-08-15 16:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-15 16:21 - 2015-08-15 16:21 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-15 16:20 - 2015-06-17 18:10 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-08-15 16:20 - 2015-06-17 18:10 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-15 16:20 - 2015-06-17 18:10 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-08-15 16:20 - 2015-05-29 21:07 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-08-15 16:20 - 2015-05-29 21:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-15 16:20 - 2015-05-29 21:07 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-08-15 16:19 - 2015-08-15 16:19 - 03275336 _____ (ppy) C:\Users\David\Downloads\osu!install.exe
2015-08-15 15:55 - 2015-08-15 15:55 - 00003088 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2015-08-15 15:55 - 2015-08-15 15:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-15 15:55 - 2015-08-15 15:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-15 15:55 - 2015-08-15 15:55 - 00000000 ____D C:\Program Files\Synaptics
2015-08-15 15:54 - 2015-08-15 15:55 - 00007220 _____ C:\Windows\DPINST.LOG
2015-08-15 15:54 - 2015-08-15 15:54 - 00000000 ____D C:\ProgramData\Dell
2015-08-15 15:54 - 2015-05-29 16:46 - 00246440 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo29.dll
2015-08-15 15:54 - 2015-05-29 16:45 - 00755880 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-08-15 15:54 - 2015-05-29 16:45 - 00604840 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2015-08-15 15:54 - 2015-05-29 16:45 - 00410792 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2015-08-15 15:54 - 2015-05-29 16:45 - 00259240 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2015-08-15 15:54 - 2015-05-29 16:45 - 00033960 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-08-15 15:54 - 2015-05-29 16:45 - 00033960 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-08-15 15:54 - 2015-05-29 16:45 - 00033448 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-08-15 15:54 - 2014-01-30 17:17 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-08-15 15:53 - 2015-08-15 15:54 - 63864280 _____ (Dell Inc.) C:\Users\David\Downloads\Input_Driver_X78P8_WN32_19.0.9.4_A00.EXE
2015-08-15 15:45 - 2015-08-15 15:45 - 62268304 _____ C:\Users\David\Downloads\Input_ALPS_W8_A00_Setup-1JW07_ZPE.exe
2015-08-15 15:44 - 2015-08-15 15:44 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-15 15:21 - 2015-08-15 11:38 - 00000000 ____D C:\Windows\Panther
2015-08-15 15:12 - 2015-08-15 15:12 - 00000000 ____D C:\Windows.old
2015-08-15 14:58 - 2015-08-15 14:24 - 00000000 __SHD C:\Recovery
2015-08-15 14:53 - 2015-08-15 14:58 - 00000000 ___HD C:\$SysReset
2015-08-15 14:30 - 2015-08-17 20:35 - 00875126 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-15 14:25 - 2015-07-10 06:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-08-15 14:23 - 2015-08-17 19:43 - 00060080 _____ C:\Windows\PFRO.log
2015-08-15 14:23 - 2015-08-15 14:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-15 14:10 - 2015-08-17 20:49 - 00000000 ____D C:\Users\David\Desktop\mbar
2015-08-15 14:10 - 2015-08-17 20:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-15 14:10 - 2015-08-17 20:36 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-15 14:10 - 2015-08-17 20:27 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 14:10 - 2015-08-16 10:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-15 14:09 - 2015-08-17 20:34 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2015-08-15 14:09 - 2015-08-15 14:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\David\Downloads\mbar-1.09.1.1004 (1).exe
2015-08-15 14:07 - 2015-08-16 10:18 - 00000000 ____D C:\Users\David\Desktop\New folder
2015-08-15 14:06 - 2015-08-15 14:06 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-15 13:21 - 2015-08-15 13:21 - 00000000 ____D C:\ProgramData\Nexon
2015-08-15 13:07 - 2015-08-15 13:07 - 00000000 ____D C:\Users\David\Documents\doc
2015-08-15 13:07 - 2015-08-15 03:46 - 3189343101 _____ C:\Users\David\Documents\Songs.zip
2015-08-15 12:32 - 2015-08-17 20:42 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2015-08-15 12:24 - 2015-08-15 12:24 - 00000000 ____D C:\Temp
2015-08-15 12:20 - 2015-08-16 09:10 - 00002158 _____ C:\Users\Public\Desktop\Data Migration.lnk
2015-08-15 12:20 - 2015-08-15 12:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-15 12:20 - 2015-08-15 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-08-15 12:20 - 2015-08-15 12:20 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-08-15 12:17 - 2015-08-15 12:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\David\Downloads\mbar-1.09.1.1004.exe
2015-08-15 12:08 - 2015-08-15 12:08 - 00000000 ____D C:\Nexon
2015-08-15 12:07 - 2015-08-15 12:07 - 12057299 _____ C:\Users\David\Downloads\Samsung_Data_Migration_Setup_v27.zip
2015-08-15 12:06 - 2015-08-15 18:53 - 00000000 ____D C:\Users\David\AppData\Local\NexonLauncher
2015-08-15 12:06 - 2015-08-15 12:08 - 00000000 ____D C:\Users\David\AppData\Roaming\NexonLauncher
2015-08-15 12:05 - 2015-08-15 13:19 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2015-08-15 12:04 - 2015-08-15 12:04 - 00009971 _____ C:\Windows\DirectX.log
2015-08-15 12:04 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-08-15 12:04 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-08-15 12:04 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-08-15 12:04 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-08-15 12:04 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-08-15 12:04 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-08-15 12:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-08-15 12:04 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-08-15 12:04 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-08-15 12:04 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-08-15 12:04 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-08-15 12:04 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-08-15 12:04 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-08-15 12:04 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-08-15 12:04 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-08-15 12:04 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-08-15 12:04 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-08-15 12:04 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-08-15 12:04 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-08-15 12:04 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-08-15 12:04 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-08-15 12:04 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-08-15 12:04 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-08-15 12:04 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-08-15 12:04 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-08-15 12:04 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-08-15 12:04 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-08-15 12:04 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-08-15 12:04 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-08-15 12:04 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-08-15 12:04 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-08-15 12:04 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-08-15 12:04 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-08-15 12:04 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-08-15 12:04 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-08-15 12:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-08-15 12:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-08-15 12:04 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-08-15 12:04 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-08-15 12:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-08-15 12:04 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-08-15 12:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-08-15 12:04 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-08-15 12:04 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-08-15 12:04 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-08-15 12:04 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-08-15 12:04 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-08-15 12:04 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-08-15 12:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-08-15 12:04 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-08-15 12:04 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-08-15 12:04 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-08-15 12:04 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-08-15 12:04 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-08-15 12:04 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-08-15 12:04 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-08-15 12:04 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-08-15 12:04 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-08-15 12:04 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-08-15 12:04 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-08-15 12:04 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-08-15 12:04 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-08-15 12:04 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-08-15 12:04 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-08-15 12:04 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-08-15 12:04 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-08-15 12:04 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-08-15 12:04 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-08-15 12:04 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-08-15 12:04 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-08-15 12:04 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-08-15 12:04 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-08-15 12:04 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-08-15 12:04 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-08-15 12:04 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-08-15 12:04 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-08-15 12:04 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-08-15 12:04 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-08-15 12:04 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-08-15 12:04 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-08-15 12:04 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-08-15 12:04 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-08-15 12:04 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-08-15 12:04 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-08-15 12:04 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-08-15 12:04 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-08-15 12:04 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-08-15 12:04 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-08-15 12:04 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-08-15 12:04 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-08-15 12:04 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-08-15 12:04 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-08-15 12:04 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-08-15 12:04 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-08-15 12:04 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-08-15 12:04 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-08-15 12:04 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-08-15 12:04 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-08-15 12:04 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-08-15 12:04 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-08-15 12:04 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-08-15 12:04 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-08-15 12:04 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-08-15 12:04 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-08-15 12:04 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-08-15 12:04 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-08-15 12:04 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-08-15 12:04 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-08-15 12:04 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-08-15 12:04 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-08-15 12:04 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-08-15 12:04 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-08-15 12:04 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-08-15 12:04 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-08-15 12:04 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-08-15 12:04 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-08-15 12:04 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-08-15 12:04 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-08-15 12:04 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-08-15 12:04 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-08-15 12:04 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-08-15 12:04 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-08-15 12:04 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-08-15 12:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-08-15 12:04 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-08-15 12:04 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-08-15 12:04 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-08-15 12:04 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-08-15 12:04 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-08-15 12:04 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-08-15 12:04 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-08-15 12:04 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-08-15 12:04 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-08-15 12:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-08-15 12:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-08-15 12:04 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-08-15 12:04 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-08-15 12:04 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-08-15 12:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-08-15 12:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-08-15 12:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-08-15 12:04 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-08-15 12:04 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-08-15 12:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-08-15 12:04 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-08-15 12:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-08-15 12:04 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-08-15 12:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-08-15 12:04 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-08-15 12:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-08-15 12:04 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-08-15 12:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-08-15 12:04 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-08-15 12:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-08-15 12:04 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-08-15 12:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-08-15 12:04 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-08-15 12:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-08-15 12:04 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-08-15 12:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-08-15 12:04 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-08-15 12:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-08-15 12:04 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-08-15 12:04 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-08-15 12:03 - 2015-08-15 12:03 - 01385504 _____ (Skype Technologies S.A.) C:\Users\David\Downloads\SkypeSetup.exe
2015-08-15 12:03 - 2015-08-15 12:03 - 00000000 ____D C:\Users\David\AppData\Roaming\Macromedia
2015-08-15 12:02 - 2015-08-15 12:04 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-08-15 12:02 - 2015-08-15 12:04 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-08-15 12:01 - 2015-08-15 12:01 - 00000000 ____D C:\Program Files (x86)\Nexon
2015-08-15 11:58 - 2015-08-15 14:04 - 00003386 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-08-15 11:58 - 2015-08-15 14:04 - 00002383 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-08-15 11:58 - 2015-08-15 12:04 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-08-15 11:58 - 2015-08-15 12:04 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-08-15 11:58 - 2015-08-15 12:01 - 10281800 _____ C:\Users\David\Downloads\NexonLauncherSetup.exe
2015-08-15 11:58 - 2015-08-15 11:58 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-08-15 11:56 - 2015-08-15 14:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-08-15 11:56 - 2015-08-15 14:04 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2015-08-15 11:56 - 2015-08-15 11:58 - 00000000 ____D C:\ProgramData\Norton
2015-08-15 11:56 - 2015-08-15 11:56 - 00000000 ____D C:\Program Files (x86)\Norton Security
2015-08-15 11:54 - 2015-08-15 11:54 - 00417064 _____ () C:\Users\David\Downloads\DellSystemDetectLauncher.exe
2015-08-15 11:54 - 2015-08-15 11:54 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-08-15 11:54 - 2015-08-15 11:54 - 00000000 ____D C:\Users\David\AppData\Local\Deployment
2015-08-15 11:54 - 2015-08-15 11:54 - 00000000 ____D C:\Users\David\AppData\Local\Apps\2.0
2015-08-15 11:51 - 2015-08-15 11:51 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-15 11:51 - 2015-08-15 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-15 11:51 - 2015-07-05 06:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-08-15 11:50 - 2015-08-17 20:55 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-15 11:50 - 2015-08-17 20:27 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 11:50 - 2015-08-15 11:55 - 129780392 _____ (Symantec Corporation) C:\Users\David\Downloads\NS-TW-22.5.0-EN-US.exe
2015-08-15 11:50 - 2015-08-15 11:51 - 00000000 ____D C:\Users\David\AppData\Local\Google
2015-08-15 11:50 - 2015-08-15 11:51 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-15 11:50 - 2015-08-15 11:50 - 00003986 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-15 11:50 - 2015-08-15 11:50 - 00003754 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-15 11:48 - 2015-08-15 11:50 - 00931408 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2015-08-15 11:48 - 2015-08-15 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-08-15 11:48 - 2015-08-15 11:48 - 02276560 _____ (Microsoft Corporation) C:\Windows\system32\coin95itp.dll
2015-08-15 11:48 - 2015-08-15 11:48 - 02276560 _____ (Microsoft Corporation) C:\Windows\system32\coin95ip.dll
2015-08-15 11:48 - 2015-08-15 11:48 - 00618720 _____ (Qualcomm Atheros) C:\Windows\system32\Drivers\btfilter.sys
2015-08-15 11:48 - 2015-08-15 11:48 - 00246804 _____ C:\Windows\system32\Drivers\AtherosBT.bin
2015-08-15 11:48 - 2015-08-15 11:48 - 00217720 _____ (Qualcomm®Atheros®) C:\Windows\system32\BtContextMenu.dll
2015-08-15 11:48 - 2015-08-15 11:48 - 00216696 _____ (Qualcomm Atheros Communications Inc.) C:\Windows\system32\btcoinst.dll
2015-08-15 11:48 - 2015-08-15 11:48 - 00046972 _____ C:\Windows\system32\Drivers\AthrBT_0x11020000.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00046868 _____ C:\Windows\system32\Drivers\AthrBT_0x31010000.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00046852 _____ C:\Windows\system32\Drivers\AthrBT_0x11020100.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00045868 _____ C:\Windows\system32\Drivers\AthrBT_0x01020201.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00044028 _____ C:\Windows\system32\Drivers\AthrBT_0x01020200.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00040684 _____ C:\Windows\system32\Drivers\AthrBT_0x31010000_ss01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00040036 _____ C:\Windows\system32\Drivers\AthrBT_0x31010100.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001926 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_0xf0.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001926 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_0x21.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001926 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_0x11.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001926 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001922 _____ C:\Windows\system32\Drivers\ramps_0x31010100_40.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001802 _____ C:\Windows\system32\Drivers\ramps_0x11020100_40_SS01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001802 _____ C:\Windows\system32\Drivers\ramps_0x11020100_40_nf01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001802 _____ C:\Windows\system32\Drivers\ramps_0x11020100_40.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001796 _____ C:\Windows\system32\Drivers\ramps_0x11020000_40.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001516 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_SS01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001516 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_LV01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001516 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_0xf1.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001516 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_0x22.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001516 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_0x12.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001516 _____ C:\Windows\system32\Drivers\ramps_0x31010000_40_0x01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001512 _____ C:\Windows\system32\Drivers\ramps_0x31010100_40_0x01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001242 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001228 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x04.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001214 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x03.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001204 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x02.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001204 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001198 _____ C:\Windows\system32\Drivers\ramps_0x01020200_26.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00001192 _____ C:\Windows\system32\Drivers\ramps_0x01020200_26_0x01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00000296 _____ C:\Windows\system32\Drivers\ramps_0x01020201_40_0x01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00000278 _____ C:\Windows\system32\Drivers\ramps_0x01020201_40_0x04.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00000264 _____ C:\Windows\system32\Drivers\ramps_0x01020201_40_0x03.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00000264 _____ C:\Windows\system32\Drivers\ramps_0x01020201_40_0x02.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00000264 _____ C:\Windows\system32\Drivers\ramps_0x01020201_40.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00000264 _____ C:\Windows\system32\Drivers\ramps_0x01020201_26_0x01.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00000264 _____ C:\Windows\system32\Drivers\ramps_0x01020201_26.dfu
2015-08-15 11:48 - 2015-08-15 11:48 - 00000000 ____D C:\Program Files\Common Files\Atheros
2015-08-15 11:48 - 2015-08-05 22:36 - 21874176 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-08-15 11:48 - 2015-08-05 22:03 - 18805248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-08-15 11:48 - 2015-08-03 23:21 - 16709120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-15 11:48 - 2015-08-03 23:10 - 13025792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-15 11:48 - 2015-08-02 22:18 - 08613200 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2015-08-15 11:48 - 2015-08-02 22:13 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-15 11:48 - 2015-08-02 21:56 - 06878256 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-15 11:48 - 2015-08-02 21:24 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-15 11:48 - 2015-08-02 21:12 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-15 11:48 - 2015-07-29 23:49 - 11557888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-08-15 11:48 - 2015-07-28 13:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-15 11:48 - 2015-07-26 01:13 - 06488312 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2015-08-15 11:48 - 2015-07-21 23:54 - 14241792 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-08-15 11:47 - 2015-08-12 04:57 - 02178560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-08-15 11:47 - 2015-08-12 04:22 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-08-15 11:47 - 2015-08-08 03:30 - 08020320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-15 11:47 - 2015-08-08 03:29 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-15 11:47 - 2015-08-08 03:19 - 00608936 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-08-15 11:47 - 2015-08-08 03:01 - 01533496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-15 11:47 - 2015-08-08 02:48 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-08-15 11:47 - 2015-08-08 02:40 - 00365056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-15 11:47 - 2015-08-08 02:24 - 02415104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-15 11:47 - 2015-08-08 02:24 - 01679360 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-15 11:47 - 2015-08-08 02:22 - 01105920 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-15 11:47 - 2015-08-08 02:21 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\rdbui.dll
2015-08-15 11:47 - 2015-08-08 02:15 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-15 11:47 - 2015-08-08 02:00 - 01985024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-15 11:47 - 2015-08-05 23:18 - 00290768 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2015-08-15 11:47 - 2015-08-05 23:17 - 00237392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2015-08-15 11:47 - 2015-08-05 23:17 - 00200528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
2015-08-15 11:47 - 2015-08-05 22:22 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2015-08-15 11:47 - 2015-08-05 00:49 - 00783112 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2015-08-15 11:47 - 2015-08-05 00:29 - 00644128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2015-08-15 11:47 - 2015-08-05 00:03 - 02416640 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-08-15 11:47 - 2015-08-05 00:00 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2015-08-15 11:47 - 2015-08-04 23:54 - 01274880 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-08-15 11:47 - 2015-08-04 23:47 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-08-15 11:47 - 2015-08-04 23:47 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-08-15 11:47 - 2015-08-04 23:43 - 01916416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-08-15 11:47 - 2015-08-04 23:39 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2015-08-15 11:47 - 2015-08-04 00:08 - 02462648 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-08-15 11:47 - 2015-08-04 00:07 - 00102752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-15 11:47 - 2015-08-04 00:06 - 00583128 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-08-15 11:47 - 2015-08-04 00:06 - 00243248 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-08-15 11:47 - 2015-08-03 23:50 - 02151208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-08-15 11:47 - 2015-08-03 23:23 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2015-08-15 11:47 - 2015-08-03 22:59 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2015-08-15 11:47 - 2015-08-03 22:47 - 00898560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2015-08-15 11:47 - 2015-08-02 22:32 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2015-08-15 11:47 - 2015-08-02 22:28 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NotificationObjFactory.dll
2015-08-15 11:47 - 2015-08-02 22:19 - 00505696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2015-08-15 11:47 - 2015-08-02 22:19 - 00393568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-08-15 11:47 - 2015-08-02 22:18 - 01983840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-08-15 11:47 - 2015-08-02 22:18 - 00594472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2015-08-15 11:47 - 2015-08-02 22:18 - 00046432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpiowin32.sys
2015-08-15 11:47 - 2015-08-02 22:17 - 00516960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-08-15 11:47 - 2015-08-02 22:17 - 00052264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2015-08-15 11:47 - 2015-08-02 22:12 - 00801632 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2015-08-15 11:47 - 2015-08-02 21:50 - 20857848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-15 11:47 - 2015-08-02 21:49 - 00700256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2015-08-15 11:47 - 2015-08-02 21:31 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2015-08-15 11:47 - 2015-08-02 21:30 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_UserAccount.dll
2015-08-15 11:47 - 2015-08-02 21:24 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2015-08-15 11:47 - 2015-08-02 21:24 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2015-08-15 11:47 - 2015-08-02 21:24 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModelShim.dll
2015-08-15 11:47 - 2015-08-02 21:23 - 02446336 _____ C:\Windows\system32\InputService.dll
2015-08-15 11:47 - 2015-08-02 21:23 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2015-08-15 11:47 - 2015-08-02 21:22 - 01601536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2015-08-15 11:47 - 2015-08-02 21:22 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-08-15 11:47 - 2015-08-02 21:22 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2015-08-15 11:47 - 2015-08-02 21:22 - 00293376 _____ C:\Windows\system32\TextInputFramework.dll
2015-08-15 11:47 - 2015-08-02 21:21 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\coredpus.dll
2015-08-15 11:47 - 2015-08-02 21:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-15 11:47 - 2015-08-02 21:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-15 11:47 - 2015-08-02 21:18 - 12503552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-15 11:47 - 2015-08-02 21:18 - 03780096 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2015-08-15 11:47 - 2015-08-02 21:18 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2015-08-15 11:47 - 2015-08-02 21:18 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\NetworkStatus.dll
2015-08-15 11:47 - 2015-08-02 21:15 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2015-08-15 11:47 - 2015-08-02 21:15 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-08-15 11:47 - 2015-08-02 21:15 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2015-08-15 11:47 - 2015-08-02 21:15 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Desktop.dll
2015-08-15 11:47 - 2015-08-02 21:15 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2015-08-15 11:47 - 2015-08-02 21:15 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\WinBioDataModel.dll
2015-08-15 11:47 - 2015-08-02 21:14 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-15 11:47 - 2015-08-02 21:14 - 00247808 _____ C:\Windows\system32\facecredentialprovider.dll
2015-08-15 11:47 - 2015-08-02 21:12 - 01890304 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-15 11:47 - 2015-08-02 21:12 - 01823232 _____ C:\Windows\SysWOW64\InputService.dll
2015-08-15 11:47 - 2015-08-02 21:12 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2015-08-15 11:47 - 2015-08-02 21:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2015-08-15 11:47 - 2015-08-02 21:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2015-08-15 11:47 - 2015-08-02 21:11 - 00200704 _____ C:\Windows\SysWOW64\TextInputFramework.dll
2015-08-15 11:47 - 2015-08-02 21:10 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2015-08-15 11:47 - 2015-08-02 21:06 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-15 11:47 - 2015-08-02 21:03 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2015-08-15 11:47 - 2015-08-02 21:02 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2015-08-15 11:47 - 2015-08-02 21:02 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-15 11:47 - 2015-08-02 21:01 - 11262464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-15 11:47 - 2015-08-02 21:00 - 01593856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-15 11:47 - 2015-08-02 20:59 - 00752640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2015-08-15 11:47 - 2015-07-30 02:24 - 01561872 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2015-08-15 11:47 - 2015-07-30 02:23 - 00527952 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-08-15 11:47 - 2015-07-30 02:21 - 00816576 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-08-15 11:47 - 2015-07-30 02:17 - 01200400 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-15 11:47 - 2015-07-30 02:17 - 01025840 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2015-08-15 11:47 - 2015-07-30 02:16 - 02147080 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2015-08-15 11:47 - 2015-07-30 02:15 - 00632168 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-08-15 11:47 - 2015-07-30 02:14 - 00333168 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2015-08-15 11:47 - 2015-07-30 02:09 - 01562968 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-08-15 11:47 - 2015-07-30 02:06 - 01043872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-08-15 11:47 - 2015-07-30 02:05 - 02498808 _____ C:\Windows\system32\CoreUIComponents.dll
2015-08-15 11:47 - 2015-07-30 02:05 - 00501008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-08-15 11:47 - 2015-07-30 02:04 - 01396064 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-08-15 11:47 - 2015-07-30 02:03 - 02116448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-08-15 11:47 - 2015-07-30 01:24 - 00252768 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2015-08-15 11:47 - 2015-07-30 00:42 - 01643872 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-15 11:47 - 2015-07-30 00:29 - 00705520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-15 11:47 - 2015-07-30 00:26 - 01867160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2015-08-15 11:47 - 2015-07-30 00:26 - 00877016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-08-15 11:47 - 2015-07-30 00:25 - 01356368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-08-15 11:47 - 2015-07-30 00:25 - 00713312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2015-08-15 11:47 - 2015-07-30 00:24 - 01769056 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-08-15 11:47 - 2015-07-30 00:24 - 00445240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-08-15 11:47 - 2015-07-30 00:24 - 00407616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-08-15 11:47 - 2015-07-30 00:24 - 00285632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2015-08-15 11:47 - 2015-07-30 00:22 - 00896144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2015-08-15 11:47 - 2015-07-30 00:22 - 00507696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-08-15 11:47 - 2015-07-30 00:21 - 00962400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-08-15 11:47 - 2015-07-30 00:12 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2015-08-15 11:47 - 2015-07-30 00:12 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2015-08-15 11:47 - 2015-07-30 00:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2015-08-15 11:47 - 2015-07-30 00:08 - 00494592 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2015-08-15 11:47 - 2015-07-30 00:08 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2015-08-15 11:47 - 2015-07-30 00:08 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2015-08-15 11:47 - 2015-07-29 23:59 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2015-08-15 11:47 - 2015-07-29 23:52 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-08-15 11:47 - 2015-07-29 23:52 - 00521216 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2015-08-15 11:47 - 2015-07-29 23:52 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2015-08-15 11:47 - 2015-07-29 23:49 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-08-15 11:47 - 2015-07-29 23:49 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-15 11:47 - 2015-07-29 23:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2015-08-15 11:47 - 2015-07-29 23:46 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-08-15 11:47 - 2015-07-29 23:46 - 00487424 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2015-08-15 11:47 - 2015-07-29 23:46 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-08-15 11:47 - 2015-07-29 23:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2015-08-15 11:47 - 2015-07-29 23:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-08-15 11:47 - 2015-07-29 23:44 - 02662400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2015-08-15 11:47 - 2015-07-29 23:44 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-08-15 11:47 - 2015-07-29 23:44 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2015-08-15 11:47 - 2015-07-29 23:44 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2015-08-15 11:47 - 2015-07-29 23:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-08-15 11:47 - 2015-07-29 23:44 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\VoiceActivationManager.dll
2015-08-15 11:47 - 2015-07-29 23:42 - 00518144 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2015-08-15 11:47 - 2015-07-29 23:41 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2015-08-15 11:47 - 2015-07-29 23:41 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\NotificationControllerPS.dll
2015-08-15 11:47 - 2015-07-29 23:40 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2015-08-15 11:47 - 2015-07-29 23:38 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2015-08-15 11:47 - 2015-07-29 23:38 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2015-08-15 11:47 - 2015-07-29 23:34 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2015-08-15 11:47 - 2015-07-29 23:29 - 00654848 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2015-08-15 11:47 - 2015-07-29 23:15 - 09889792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-08-15 11:47 - 2015-07-29 23:10 - 00585728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-15 11:47 - 2015-07-29 23:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-15 11:47 - 2015-07-29 23:07 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2015-08-15 11:47 - 2015-07-29 23:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2015-08-15 11:47 - 2015-07-29 23:06 - 00373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2015-08-15 11:47 - 2015-07-29 23:06 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.V2.dll
2015-08-15 11:47 - 2015-07-29 23:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VoiceActivationManager.dll
2015-08-15 11:47 - 2015-07-29 23:04 - 01714176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2015-08-15 11:47 - 2015-07-29 23:04 - 00335360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2015-08-15 11:47 - 2015-07-29 22:59 - 00473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2015-08-15 11:47 - 2015-07-29 22:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2015-08-15 11:47 - 2015-07-26 01:16 - 01018568 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-08-15 11:47 - 2015-07-26 01:16 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-08-15 11:47 - 2015-07-26 01:15 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-08-15 11:47 - 2015-07-26 01:14 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-08-15 11:47 - 2015-07-26 01:14 - 01123400 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-08-15 11:47 - 2015-07-26 01:06 - 00607008 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-08-15 11:47 - 2015-07-26 00:28 - 05118024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2015-08-15 11:47 - 2015-07-26 00:28 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-08-15 11:47 - 2015-07-25 23:49 - 04760576 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-08-15 11:47 - 2015-07-25 23:49 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-08-15 11:47 - 2015-07-25 23:47 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-08-15 11:47 - 2015-07-25 23:40 - 00850432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-08-15 11:47 - 2015-07-25 23:40 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-08-15 11:47 - 2015-07-25 23:39 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-08-15 11:47 - 2015-07-25 23:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\sendmail.dll
2015-08-15 11:47 - 2015-07-25 23:38 - 04350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-08-15 11:47 - 2015-07-25 23:35 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2015-08-15 11:47 - 2015-07-25 23:34 - 00798208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-08-15 11:47 - 2015-07-25 23:30 - 00750592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-08-15 11:47 - 2015-07-25 23:30 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-08-15 11:47 - 2015-07-25 23:29 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sendmail.dll
2015-08-15 11:47 - 2015-07-23 23:30 - 00498016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-08-15 11:47 - 2015-07-23 23:18 - 00980832 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2015-08-15 11:47 - 2015-07-23 23:17 - 00991584 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2015-08-15 11:47 - 2015-07-23 23:17 - 00695136 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2015-08-15 11:47 - 2015-07-23 23:17 - 00521568 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2015-08-15 11:47 - 2015-07-23 23:12 - 00584544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2015-08-15 11:47 - 2015-07-23 23:11 - 00845664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2015-08-15 11:47 - 2015-07-23 22:55 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-15 11:47 - 2015-07-23 22:52 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2015-08-15 11:47 - 2015-07-23 22:46 - 02224128 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2015-08-15 11:47 - 2015-07-23 22:46 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-08-15 11:47 - 2015-07-23 22:46 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2015-08-15 11:47 - 2015-07-23 22:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll
2015-08-15 11:47 - 2015-07-23 22:40 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-08-15 11:47 - 2015-07-23 22:39 - 02646528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-08-15 11:47 - 2015-07-23 22:34 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2015-08-15 11:47 - 2015-07-23 22:30 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2015-08-15 11:47 - 2015-07-23 22:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2015-08-15 11:47 - 2015-07-23 22:25 - 01203200 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-08-15 11:47 - 2015-07-23 22:24 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2015-08-15 11:47 - 2015-07-23 22:24 - 01061888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2015-08-15 11:47 - 2015-07-23 22:24 - 00925696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-08-15 11:47 - 2015-07-23 22:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2015-08-15 11:47 - 2015-07-23 22:24 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
2015-08-15 11:47 - 2015-07-22 01:18 - 00808856 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2015-08-15 11:47 - 2015-07-22 01:15 - 00565088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2015-08-15 11:47 - 2015-07-22 01:02 - 00966424 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-08-15 11:47 - 2015-07-22 00:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-08-15 11:47 - 2015-07-22 00:02 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-08-15 11:47 - 2015-07-22 00:00 - 02235904 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-15 11:47 - 2015-07-22 00:00 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-15 11:47 - 2015-07-22 00:00 - 00242264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2015-08-15 11:47 - 2015-07-22 00:00 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-08-15 11:47 - 2015-07-21 23:59 - 01773056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-08-15 11:47 - 2015-07-21 23:55 - 01203200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2015-08-15 11:47 - 2015-07-21 23:55 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2015-08-15 11:47 - 2015-07-21 23:53 - 00762896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-08-15 11:47 - 2015-07-21 23:48 - 01334784 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-08-15 11:47 - 2015-07-21 23:46 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2015-08-15 11:47 - 2015-07-21 23:21 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-08-15 11:47 - 2015-07-21 23:13 - 01611264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-08-15 11:47 - 2015-07-21 23:13 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-15 11:47 - 2015-07-21 23:11 - 12589056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-08-15 11:47 - 2015-07-21 23:10 - 00828416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-15 11:47 - 2015-07-21 23:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-15 11:47 - 2015-07-21 23:07 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-08-15 11:47 - 2015-07-21 23:04 - 01112064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-08-15 11:47 - 2015-07-21 23:03 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2015-08-15 11:47 - 2015-07-21 22:50 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2015-08-15 11:47 - 2015-07-19 00:04 - 00658568 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2015-08-15 11:47 - 2015-07-18 23:54 - 01168736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-15 11:47 - 2015-07-18 23:23 - 00505344 _____ C:\Windows\system32\EditionUpgradeManagerObj.dll
2015-08-15 11:47 - 2015-07-18 23:18 - 00430592 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2015-08-15 11:47 - 2015-07-18 23:12 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-08-15 11:47 - 2015-07-18 23:02 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2015-08-15 11:47 - 2015-07-18 22:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2015-08-15 11:47 - 2015-07-18 04:48 - 00916800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-08-15 11:47 - 2015-07-18 04:47 - 00082616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcd.dll
2015-08-15 11:47 - 2015-07-18 03:43 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll
2015-08-15 11:47 - 2015-07-18 03:39 - 00448512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2015-08-15 11:47 - 2015-07-18 03:37 - 01043968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Editing.dll
2015-08-15 11:47 - 2015-07-18 03:29 - 03443200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2015-08-15 11:47 - 2015-07-18 03:28 - 00584704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2015-08-15 11:47 - 2015-07-18 03:28 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-15 11:47 - 2015-07-18 03:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2015-08-15 11:47 - 2015-07-18 01:18 - 01085776 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-08-15 11:47 - 2015-07-18 01:17 - 00097128 _____ (Microsoft Corporation) C:\Windows\system32\bcd.dll
2015-08-15 11:47 - 2015-07-18 01:02 - 00290312 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-08-15 11:47 - 2015-07-18 00:06 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Import.dll
2015-08-15 11:47 - 2015-07-18 00:01 - 00562688 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2015-08-15 11:47 - 2015-07-17 23:59 - 01411072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Editing.dll
2015-08-15 11:47 - 2015-07-17 23:59 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\DevicesFlowBroker.dll
2015-08-15 11:47 - 2015-07-17 23:52 - 04169728 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2015-08-15 11:47 - 2015-07-17 23:50 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2015-08-15 11:47 - 2015-07-17 23:50 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-15 11:47 - 2015-07-17 23:49 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2015-08-15 11:47 - 2015-07-17 23:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2015-08-15 11:47 - 2015-07-17 23:49 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2015-08-15 11:47 - 2015-07-17 23:48 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-08-15 11:47 - 2015-07-17 23:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2015-08-15 11:47 - 2015-07-17 23:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-08-15 11:47 - 2015-07-17 00:23 - 00934752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refsv1.sys
2015-08-15 11:47 - 2015-07-17 00:13 - 00601344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-08-15 11:47 - 2015-07-17 00:12 - 00630160 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-08-15 11:47 - 2015-07-17 00:07 - 00425824 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2015-08-15 11:47 - 2015-07-16 22:39 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2015-08-15 11:47 - 2015-07-16 22:39 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-15 11:47 - 2015-07-16 22:36 - 07569408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2015-08-15 11:47 - 2015-07-16 22:33 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2015-08-15 11:47 - 2015-07-16 22:33 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\omadmprc.exe
2015-08-15 11:47 - 2015-07-16 22:32 - 00329728 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-08-15 11:47 - 2015-07-16 22:31 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-15 11:47 - 2015-07-16 22:26 - 07051264 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2015-08-15 11:47 - 2015-07-16 22:26 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2015-08-15 11:47 - 2015-07-16 22:24 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2015-08-15 11:47 - 2015-07-16 22:21 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2015-08-15 11:47 - 2015-07-16 22:19 - 02558976 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-08-15 11:47 - 2015-07-16 22:19 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2015-08-15 11:47 - 2015-07-16 22:19 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2015-08-15 11:47 - 2015-07-16 22:18 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-08-15 11:47 - 2015-07-16 22:16 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2015-08-15 11:47 - 2015-07-16 22:05 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2015-08-15 11:47 - 2015-07-16 22:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-15 11:47 - 2015-07-16 21:56 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2015-08-15 11:47 - 2015-07-16 21:53 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2015-08-15 11:47 - 2015-07-16 21:51 - 05076480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2015-08-15 11:47 - 2015-07-16 21:50 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2015-08-15 11:47 - 2015-07-16 21:46 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-08-15 11:47 - 2015-07-16 21:44 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-08-15 11:47 - 2015-07-16 01:39 - 00061280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-08-15 11:47 - 2015-07-16 01:11 - 03620736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-15 11:47 - 2015-07-16 00:55 - 02878000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-15 11:47 - 2015-07-16 00:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2015-08-15 11:47 - 2015-07-16 00:04 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2015-08-15 11:47 - 2015-07-16 00:03 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.OneCore.dll
2015-08-15 11:47 - 2015-07-16 00:01 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-15 11:47 - 2015-07-15 23:54 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2015-08-15 11:47 - 2015-07-15 23:47 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2015-08-15 11:47 - 2015-07-15 23:45 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-08-15 11:47 - 2015-07-15 23:44 - 02741760 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-15 11:47 - 2015-07-15 23:43 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-15 11:47 - 2015-07-15 23:41 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2015-08-15 11:47 - 2015-07-15 23:40 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-08-15 11:47 - 2015-07-15 23:36 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\ConhostV2.dll
2015-08-15 11:47 - 2015-07-15 23:35 - 01521664 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2015-08-15 11:47 - 2015-07-15 23:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\srumsvc.dll
2015-08-15 11:47 - 2015-07-15 23:32 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2015-08-15 11:47 - 2015-07-15 23:29 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-15 11:47 - 2015-07-15 23:27 - 02207744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-15 11:47 - 2015-07-15 23:19 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumsvc.dll
2015-08-15 11:47 - 2015-07-14 23:21 - 01365072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-15 11:47 - 2015-07-14 22:49 - 01591856 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-15 11:47 - 2015-07-14 22:49 - 00325984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2015-08-15 11:47 - 2015-07-14 22:41 - 01135312 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2015-08-15 11:47 - 2015-07-14 22:22 - 02112512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-15 11:47 - 2015-07-14 22:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2015-08-15 11:47 - 2015-07-14 22:04 - 00032768 _____ C:\Windows\system32\LicenseManagerApi.dll
2015-08-15 11:47 - 2015-07-14 21:59 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Notifications.dll
2015-08-15 11:47 - 2015-07-14 21:57 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\OmaDmAgent.dll
2015-08-15 11:47 - 2015-07-14 21:47 - 04611584 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-15 11:47 - 2015-07-14 21:41 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2015-08-15 11:47 - 2015-07-14 21:37 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.ProxyStub.dll
2015-08-15 11:47 - 2015-07-14 21:35 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\unenrollhook.dll
2015-08-15 11:47 - 2015-07-14 21:27 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-15 11:47 - 2015-07-13 23:00 - 00208736 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-08-15 11:47 - 2015-07-13 22:37 - 00181088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-08-15 11:47 - 2015-07-13 22:04 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys
2015-08-15 11:47 - 2015-07-13 21:51 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2015-08-15 11:47 - 2015-07-13 21:50 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2015-08-15 11:47 - 2015-07-13 21:49 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2015-08-15 11:47 - 2015-07-13 21:38 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-08-15 11:47 - 2015-07-13 21:31 - 00420352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2015-08-15 11:47 - 2015-07-13 21:20 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2015-08-15 11:47 - 2015-07-12 20:01 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2015-08-15 11:47 - 2015-07-12 19:30 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2015-08-15 11:47 - 2015-07-11 20:38 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2015-08-15 11:47 - 2015-07-11 20:25 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\SensorDataService.exe
2015-08-15 11:47 - 2015-07-11 20:18 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2015-08-15 11:47 - 2015-07-11 19:46 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2015-08-15 11:47 - 2015-07-10 21:28 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2015-08-15 11:47 - 2015-07-10 21:22 - 00403968 _____ C:\Windows\system32\diagtrack_wininternal.dll
2015-08-15 11:47 - 2015-07-10 21:21 - 00412672 _____ C:\Windows\system32\diagtrack_win.dll
2015-08-15 11:47 - 2015-07-10 21:17 - 06305792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-08-15 11:47 - 2015-07-10 21:07 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2015-08-15 11:47 - 2015-07-10 21:05 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2015-08-15 11:47 - 2015-07-10 21:04 - 03362816 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-15 11:47 - 2015-07-10 21:03 - 07523328 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-08-15 11:47 - 2015-07-10 21:03 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-08-15 11:47 - 2015-07-10 21:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-15 11:47 - 2015-07-10 21:02 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-15 11:47 - 2015-07-10 21:01 - 04791296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-15 11:47 - 2015-07-10 20:57 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2015-08-15 11:47 - 2015-07-10 20:51 - 04398080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-08-15 11:47 - 2015-07-10 20:43 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-15 11:47 - 2015-07-10 20:42 - 00191488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2015-08-15 11:47 - 2015-07-10 20:41 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-08-15 11:47 - 2015-07-10 20:41 - 03687936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-15 11:47 - 2015-07-10 20:40 - 03579904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-15 11:47 - 2015-07-10 20:40 - 02606080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-08-15 11:47 - 2015-07-10 20:40 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-15 11:47 - 2015-07-10 20:34 - 00294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2015-08-15 11:47 - 2015-07-10 11:51 - 00823336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-08-15 11:47 - 2015-07-10 11:47 - 00265480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-08-15 11:47 - 2015-07-10 11:00 - 01101792 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-08-15 11:47 - 2015-07-10 10:52 - 00335248 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-15 11:47 - 2015-07-10 06:59 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_SignInOptions.dll
2015-08-15 11:47 - 2015-07-10 06:42 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hmkd.dll
2015-08-15 11:47 - 2015-07-10 06:10 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\hmkd.dll
2015-08-15 11:47 - 2015-07-10 06:05 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2015-08-15 11:47 - 2015-07-10 05:53 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2015-08-15 11:47 - 2015-07-10 05:35 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-08-15 11:47 - 2015-07-10 05:31 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-08-15 11:47 - 2015-07-10 05:29 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 22914032 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 17846768 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 12334064 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 11905424 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 11053040 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 10574976 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 08528880 _____ (Intel Corporation) C:\Windows\system32\ig7icd64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 06512112 _____ (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 04636608 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 04371872 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 04368288 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 04024368 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 03797960 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-08-15 11:46 - 2015-08-15 11:46 - 03668768 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
2015-08-15 11:46 - 2015-08-15 11:46 - 02508272 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 02035696 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 01994224 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 01793008 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 01766896 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 01468976 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 01155984 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 01151832 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00969120 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00865328 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00678896 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00659504 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00632816 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00616496 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00555424 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00554912 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00540064 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00467688 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00443296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00409504 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00408992 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00393632 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00392688 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00385520 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00378816 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00374256 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00357936 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00329200 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00328608 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00295408 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00290208 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00285168 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00264176 _____ C:\Windows\system32\igfxCPL.cpl
2015-08-15 11:46 - 2015-08-15 11:46 - 00261104 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00256928 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00232944 _____ C:\Windows\system32\igdde64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00229648 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00228848 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00223792 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00204192 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00199080 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00194544 _____ C:\Windows\SysWOW64\igdde32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00194352 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00193520 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00191984 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4252.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00191024 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00187844 _____ C:\Windows\system32\resTHA.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00180644 _____ C:\Windows\system32\resELL.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00176500 _____ C:\Windows\system32\resRUS.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00170992 _____ C:\Windows\system32\igdail64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00169352 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00164256 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-08-15 11:46 - 2015-08-15 11:46 - 00163824 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00162356 _____ C:\Windows\system32\resARA.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00161812 _____ C:\Windows\system32\resHEB.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00161764 _____ C:\Windows\system32\resJPN.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00157172 _____ C:\Windows\system32\resFRA.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00157156 _____ C:\Windows\system32\resHUN.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00155460 _____ C:\Windows\system32\resKOR.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00155364 _____ C:\Windows\system32\resITA.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00155364 _____ C:\Windows\system32\resDEU.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00155204 _____ C:\Windows\system32\resROM.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00155092 _____ C:\Windows\system32\resESN.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00154660 _____ C:\Windows\system32\resPLK.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00154532 _____ C:\Windows\system32\resSKY.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00154324 _____ C:\Windows\system32\resNLD.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00153764 _____ C:\Windows\system32\resPTB.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00153636 _____ C:\Windows\system32\resTRK.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00153604 _____ C:\Windows\system32\resCSY.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00153476 _____ C:\Windows\system32\resPTG.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00153060 _____ C:\Windows\system32\resFIN.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00152628 _____ C:\Windows\system32\resHRV.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00152560 _____ C:\Windows\SysWOW64\igdail32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00152164 _____ C:\Windows\system32\resSVE.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00152004 _____ C:\Windows\system32\resSLV.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00151060 _____ C:\Windows\system32\resNOR.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00150548 _____ C:\Windows\system32\resDAN.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00149236 _____ C:\Windows\system32\resENU.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00147460 _____ C:\Windows\system32\resCHT.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00146628 _____ C:\Windows\system32\resCHS.cui
2015-08-15 11:46 - 2015-08-15 11:46 - 00141872 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00107568 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00102896 _____ C:\Windows\system32\IccLibDll_x64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00095216 _____ C:\Windows\system32\igfxCUIServicePS.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00078320 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00072688 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2015-08-15 11:46 - 2015-08-15 11:46 - 00072688 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00069104 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2015-08-15 11:46 - 2015-08-15 11:46 - 00069104 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00068080 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00044025 _____ C:\Windows\system32\iglhxo64.vp
2015-08-15 11:46 - 2015-08-15 11:46 - 00043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2015-08-15 11:46 - 2015-08-15 11:46 - 00043494 _____ C:\Windows\system32\iglhxc64.vp
2015-08-15 11:46 - 2015-08-15 11:46 - 00043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2015-08-15 11:46 - 2015-08-15 11:46 - 00043256 _____ C:\Windows\system32\iglhxg64.vp
2015-08-15 11:46 - 2015-08-15 11:46 - 00042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2015-08-15 11:46 - 2015-08-15 11:46 - 00040704 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00039408 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00019440 _____ ( ) C:\Windows\system32\igfxDILib.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00018928 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00018928 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00018928 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00013808 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00013808 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2015-08-15 11:46 - 2015-08-15 11:46 - 00002564 _____ C:\Windows\system32\iglhxs64.vp
2015-08-15 11:46 - 2015-08-15 11:46 - 00001125 _____ C:\Windows\system32\iglhxa64.vp
2015-08-15 11:46 - 2015-08-15 11:46 - 00000000 ____D C:\Program Files\Intel
2015-08-15 11:46 - 2015-08-15 11:46 - 00000000 ____D C:\Program Files (x86)\Intel
2015-08-15 11:46 - 2015-08-15 11:46 - 00000000 ____D C:\Intel
2015-08-15 11:44 - 2015-08-15 11:44 - 09898720 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2015-08-15 11:44 - 2015-08-15 11:44 - 00410848 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2015-08-15 11:44 - 2015-08-15 11:44 - 00091872 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2015-08-15 11:44 - 2015-08-15 11:44 - 00000000 ____D C:\Windows\SysWOW64\sda
2015-08-15 11:43 - 2015-08-15 14:07 - 00002336 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-15 11:43 - 2015-08-15 14:07 - 00000000 ___RD C:\Users\David\OneDrive
2015-08-15 11:42 - 2015-08-15 11:43 - 00000000 ____D C:\Users\David\AppData\Local\MicrosoftEdge
2015-08-15 11:42 - 2015-08-15 11:42 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-15 11:41 - 2015-08-16 02:25 - 00000000 ____D C:\Users\David
2015-08-15 11:41 - 2015-08-15 12:01 - 00000000 ____D C:\Users\David\AppData\Local\Packages
2015-08-15 11:41 - 2015-08-15 11:41 - 00849474 _____ C:\Windows\system32\Drivers\rtwavesskdy.dat
2015-08-15 11:41 - 2015-08-15 11:41 - 00188557 _____ C:\Windows\system32\Drivers\RTWAVES40.dat
2015-08-15 11:41 - 2015-08-15 11:41 - 00031095 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2015-08-15 11:41 - 2015-08-15 11:41 - 00016148 _____ C:\Windows\system32\DESKTOP-RMJTNP7_defaultuser0_HistoryPrediction.bin
2015-08-15 11:41 - 2015-08-15 11:41 - 00010945 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2015-08-15 11:41 - 2015-08-15 11:41 - 00003218 _____ C:\Windows\System32\Tasks\RtHDVBg_PushButton
2015-08-15 11:41 - 2015-08-15 11:41 - 00000020 ___SH C:\Users\David\ntuser.ini
2015-08-15 11:41 - 2015-08-15 11:41 - 00000000 ___RD C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-15 11:41 - 2015-08-15 11:41 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-15 11:41 - 2015-08-15 11:41 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2015-08-15 11:41 - 2015-08-15 11:41 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2015-08-15 11:41 - 2015-08-15 11:41 - 00000000 ____D C:\Users\David\AppData\Local\TileDataLayer
2015-08-15 11:41 - 2015-08-15 11:41 - 00000000 ____D C:\Users\David\AppData\Local\Publishers
2015-08-15 11:41 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-15 11:41 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-15 11:41 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-15 11:41 - 2015-07-10 07:04 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-15 11:40 - 2015-08-15 11:40 - 72121872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
2015-08-15 11:40 - 2015-08-15 11:40 - 13119736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 12013416 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-08-15 11:40 - 2015-08-15 11:40 - 04509440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-08-15 11:40 - 2015-08-15 11:40 - 03700360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
2015-08-15 11:40 - 2015-08-15 11:40 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 03232448 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 02965120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 02926848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 02880873 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-08-15 11:40 - 2015-08-15 11:40 - 02711296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-08-15 11:40 - 2015-08-15 11:40 - 02050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01975016 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01757440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01740480 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01395760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01330824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01211832 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 01164336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00998032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00914024 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00768816 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00678184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00677672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00645456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00642928 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00577840 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00574248 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00410032 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00203560 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00176968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00164432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00074608 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00069928 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-08-15 11:40 - 2015-08-15 11:40 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-15 11:40 - 2015-08-15 11:40 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-08-15 11:40 - 2015-08-15 11:40 - 00000000 ____D C:\Program Files\Realtek
2015-08-15 11:39 - 2015-08-15 11:39 - 00062784 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 20:41 - 2015-07-10 08:22 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-08-17 20:26 - 2015-07-10 08:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-17 20:26 - 2015-07-10 05:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2015-08-17 19:43 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\sru
2015-08-17 09:22 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\AppReadiness
2015-08-17 09:17 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\appcompat
2015-08-15 16:22 - 2015-07-10 08:20 - 00009478 _____ C:\Windows\setupact.log
2015-08-15 16:21 - 2015-07-10 06:55 - 00000000 ____D C:\Windows\CbsTemp
2015-08-15 15:58 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2015-08-15 15:44 - 2015-07-10 07:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-15 15:21 - 2015-07-10 07:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-08-15 14:26 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-15 14:24 - 2015-07-10 07:05 - 00002133 _____ C:\Windows\DtcInstall.log
2015-08-15 14:24 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-15 14:24 - 2015-07-10 05:05 - 00000000 ____D C:\Windows\system32\Sysprep
2015-08-15 14:23 - 2015-07-10 05:05 - 00000000 __RHD C:\Users\Default
2015-08-15 14:04 - 2015-07-10 08:20 - 00189240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\oobe
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-15 14:03 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\Provisioning
2015-08-15 14:03 - 2015-07-10 05:05 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-08-15 14:03 - 2015-07-10 05:05 - 00000000 ____D C:\Windows\system32\Dism
2015-08-15 12:04 - 2015-07-10 05:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2015-08-15 11:41 - 2015-07-10 07:04 - 00000000 ___RD C:\Windows\PrintDialog
2015-08-15 11:41 - 2015-07-10 07:04 - 00000000 ___RD C:\Windows\MiracastView
2015-08-15 11:38 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\rescache
2015-08-08 11:38 - 2015-07-10 07:06 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 11:38 - 2015-07-10 07:06 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-08-15 11:41 - 2015-08-15 11:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-15 14:23
 
==================== End of log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 22 August 2015 - 06:23 AM

Hello dave89,
 

I'm Stan and I will be helping you for this problem.

 

First of all I want to clear some things about the malware removal process:

  • Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
  • Read carefully the steps that I suggest you to do. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same with the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps in offline environment. They may be easier to read and follow in this way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please, do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

 

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

 

I will need some time to review the logs you provided. When ready, I will be back with further instructions.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#3 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 22 August 2015 - 12:15 PM

Hello dave89,

After reviewing the logs you provided, there doesn't seen to be anything malicious present on the system. Do you experience any other problems with the system, including malfunctioning or misbehavior? Even though everything looks OK, I want to run one additional scan of the system to check if there is something hiding from us.

Please, start Malwarebytes' Anti-Malware.

  • When started, please, open the Scan tab and press the Scan now>>> button.
  • In Custom Scanning Options section uncheck everything and check Scan for Rootkits​
  • Do not select a drive letter. When ready push the Scan now button.​​
  • You will be automatically prompted to update the software.
  • Push the Update Now button so the definitions can be downloaded.

Note: If you are prompted that there is new version of the software ready to install, please, choose OK. Install the latest version of Malwarebytes' Anti-Malware and repeat the steps above.

  • When the scanning process has completed, please choose Cancel.
  • Choose Yes on the prompted message.
  • Click the History Tab at the top and select Application Logs.
  • Double-click on the log which shows the date and time of the scan just performed.
  • Click Copy to Clipboard at the bottom and paste the content of the file in your next reply.

Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#4 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 25 August 2015 - 01:14 PM

Hello dave89,

 

It's been almost three days without a reply from you. Are you with me? Do you experience any additional problems? Please, remember than after two more days of inactivity, the topic will be closed.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#5 dave89

dave89
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 27 August 2015 - 01:45 PM

Yes, apologies for the delay. I have been away. I'll run the program and get back to you once it finishes.

 

Update: Scan finished, 0 objects detected. The file uploader isn't working for me so I'll post the results below:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/27/2015
Scan Time: 2:47 PM
Logfile: scan.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.27.04
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: David
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 281500
Time Elapsed: 1 min, 36 sec
 
Memory: Disabled
Startup: Disabled
Filesystem: Disabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by dave89, 27 August 2015 - 02:07 PM.


#6 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 28 August 2015 - 01:12 PM

Hello dave89,

 

The results are good. At this stage I want to know how is the system running. Are there any additional problems you are experiencing? Don't hesitate asking any questions related to the state of the machine.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#7 dave89

dave89
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 29 August 2015 - 03:02 AM

I seem to be getting more errors messages and programs like chrome fail to launch, but I'm not sure if it's related to the previous infection. Major symptoms seem to have gone now, but I can't see a reason for why the malware would go away on it's own.



#8 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 29 August 2015 - 06:43 AM

Hello dave89,

 

Can you write-down the exact information given from these errors? Alternatively, you can make a screenshot of those errors and post them in your next reply. Here you can find information how to do that using the in-build Snipping Tool. Do these errors pop-up only for a certain software?

 

********************

 

Note: The instructions below can be used for any browser except Internet Explorer.

Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.

  • Please go here, download the ESET Smart Installer, and save it to your Desktop.
  • Double-click on the file  you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download it's components, register itself, and start itself.
  • In the new window that opens, tic the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: start.png
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click back.png, then click finish.png to exit ESET Online Scanner.

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#9 dave89

dave89
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 30 August 2015 - 02:20 AM

I ran the scanner and it came up with 1 detection, my computer crashed before I could export the results, but I managed to find the log files (attached below).

 

I am getting a lot of memory based errors. An error I got a few days ago was "Failed to connect to group policy" saying something like administrative access disabled. Then chrome wouldn't launch at all when I clicked it, after around 10 minutes or so it would suddenly appear, after I gave up and went to edge. As of late I have been constantly getting Windows is low on memory errors, telling me to close programs, even though hardly anything is open. The only time I encountered this error before the infection was when I had around 50 tabs open (forgot I had another window open) and two games running at the same time. I just started windows again after the crash and my wallpaper had been deleted and replaced with a black background like the one in safemode. 

I also checked task manager when I received the low memory error message and there were no processes taking up large amounts of memory at all.

Attached Files


Edited by dave89, 30 August 2015 - 02:27 AM.


#10 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 30 August 2015 - 08:18 AM

Hello dave89,

 

An error I got a few days ago was "Failed to connect to group policy" saying something like administrative access disabled.

When did you get that error - right after startup or during normal work with the system?

I just started windows again after the crash and my wallpaper had been deleted and replaced with a black background like the one in safemode. 

Are you able to change the wallpaper by yourself again? Such issues may appear after certain system instabilities.

 also checked task manager when I received the low memory error message and there were no processes taking up large amounts of memory at all.

It is not that unusual as it may seem. First, did you only upgrade to Windows 10 or did a clean install right afterwards? Please, follow the steps below:

  • Start again Task Manager and go to Performance tab.
  • Select Memory on the left pane. When the data appears, please, make a screenshot as described earlier. Do not close the window.
  • Push Open Resource Monitor option which can be found at the bottom of the window.
  • Go to Memory tab and arrange the processes to descending order on the Private (KB) row. The can be done by clicking over the row's name.
  • When ready, please, make a screenshot and attach it to your next reply.
  • You may now close the windows.

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#11 dave89

dave89
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 30 August 2015 - 09:37 AM

I got the error during startup and the wallpaper seems changeable.
 
While I don't have the memory error currently, the memory usage seems abnormally high compared to the running processes. The memory graph shows almost 3Gbs of usage while the added total of the processes seems less than half of that using quick estimation.
Imgur mirror to processlist since it seems too large: imgur.com/htGzUkO.png A few processes seem repeated due to poor editing.

Attached Files


Edited by dave89, 30 August 2015 - 09:49 AM.


#12 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 31 August 2015 - 11:46 AM

Hello dave89,

 

Thank you for the provided feedback. It showed the information I needed. In Windows 8 and above, the memory graph in the Task Manager shows the total amount of Working Set memory used by system process. It is a little more different value than the one shown in the Details tab which is Private Working Set. More information can be found here. Because of that, I needed the data from Resource Monitor. If you look at the screenshot you provided, you may see that Google Chrome's processes Working Sets take approximately 1,5GB of physical RAM. That, combined with the rest of the processes present and the hardware-reserved amount match the value shown in the Task Manager. As far as I can see, you are using the 64-bit version of Google's browser which, by design, uses more RAM. I suspected that there may be a non-paged pool leak, often met when using unstable kernel-mode drivers, but this is not the case here.

 

About the first problem present, I saw that there had been such errors before time on earlier versions of Microsoft's operating system. Multiple topics can be found in the TechNet forums and in some of them, there are suggestions for fixing the problem you encountered. Please, look at this and that topics. The suggestion here proved to be useful for large number of people.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#13 dave89

dave89
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 01 September 2015 - 09:50 PM

I never seemed to have this memory problem before, even after I had upgraded to windows 10 it was fine for the first few weeks.

 

The error seemed to be a one time thing and I never got them again.



#14 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 02 September 2015 - 01:26 PM

Hello dave89,

 

I never seemed to have this memory problem before, even after I had upgraded to windows 10 it was fine for the first few weeks.

The case we were investigating here showed us that the high usage of RAM was caused by third-party software (Google Chrome). Of course, at other moments, the high usage of RAM may be caused by totally different element from the operating system or third-party software. To that moment, we can only guess, at least until we are able to capture new data which can show us the other sources of the problem explained. I can advise you to try another third-party browser, like Mozilla Firefox, or the in-build browsers in Windows 10 (Microsoft Edge and Internet Explorer, preferably IE).

 

As an addition, I can say that, although it was released almost month and a half ago, Windows 10 is still new operating system. While some people may not experience any issues with it, there are still chances for possible software conflicts, driver malfunction and etc.

 

The one thing we know right now is that there is no malware present on the system. Are there any other issues beside the one we are discussing?


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#15 dave89

dave89
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 03 September 2015 - 12:55 PM

Just a quick question regarding the objects malwarebytes picked up in the previous thread: http://www.bleepingcomputer.com/forums/t/586645/persistent-malware/#entry3792473

 

Was there any legitimate need for concern about these objects or could they just have been false positives? If not, just curious how it survived a format.

 

Other than that I have no further questions. Thanks for your help.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users