Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

High Physical Memory and Jumping Cpu usage under performance tab in task manager


  • This topic is locked This topic is locked
13 replies to this topic

#1 belthagor

belthagor

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 26 February 2016 - 10:25 AM

After a format, I began having this problem, and the size of my windows 7 folder is 26 gb, somehow. I think it is slowly increasing in size.

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Lenovo (administrator) on LENOVO-PC (26-02-2016 07:20:00)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\S-1-5-21-9162698-3945797522-1917429532-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-9162698-3945797522-1917429532-1000\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14439584 2014-10-15] (Gadwin Systems)
HKU\S-1-5-21-9162698-3945797522-1917429532-1000\...\MountPoints2: {6ed8b1ed-d521-11e5-8a3d-6c0b84410096} - E:\LaunchU3.exe
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{53F4485D-24E0-478E-BE45-FB3442186B98}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-01-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\znylauts.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-15] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\znylauts.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2016-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-02-18] (EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2015-02-09] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-15] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160225.001\IDSvia64.sys [767224 2016-02-12] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160225.020\ENG64.SYS [138488 2016-02-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160225.020\EX64.SYS [2148080 2016-02-15] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-02-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 07:20 - 2016-02-26 07:20 - 00010226 _____ C:\Users\Lenovo\Downloads\FRST.txt
2016-02-26 07:19 - 2016-02-26 07:20 - 00000000 ____D C:\FRST
2016-02-26 07:17 - 2016-02-26 07:17 - 02371072 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2016-02-24 10:33 - 2016-02-24 10:33 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Gadwin
2016-02-24 10:33 - 2016-02-24 10:33 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Gadwin
2016-02-24 10:20 - 2016-02-24 10:20 - 00000000 ___RD C:\Users\Lenovo\AppData\Roaming\Brother
2016-02-24 10:20 - 2016-02-24 10:20 - 00000000 ____D C:\Users\Lenovo\AppData\LocalLow\Brother
2016-02-24 09:54 - 2016-02-24 09:54 - 00002136 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2016-02-24 09:54 - 2016-02-24 09:54 - 00002051 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2016-02-24 09:54 - 2016-02-24 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-02-24 09:32 - 2016-02-24 09:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-24 09:32 - 2016-02-24 09:32 - 00000000 ____D C:\Program Files (x86)\Browny02
2016-02-24 09:32 - 2016-02-24 09:32 - 00000000 ____D C:\Program Files (x86)\Brother
2016-02-24 09:32 - 2016-02-24 09:32 - 00000000 ____D C:\Brother
2016-02-24 09:32 - 2014-02-26 22:17 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2016-02-24 09:32 - 2014-02-26 22:17 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2016-02-24 09:32 - 2014-02-26 22:17 - 00045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
2016-02-24 09:32 - 2014-02-26 22:17 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2016-02-24 09:32 - 2014-02-26 22:17 - 00000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
2016-02-24 09:32 - 2014-02-26 22:16 - 00000050 _____ C:\Windows\system32\BRADM13A.DAT
2016-02-24 09:32 - 2014-02-26 08:04 - 00227840 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM13A.DLL
2016-02-24 09:25 - 2016-02-24 09:54 - 00000000 ____D C:\ProgramData\Brother
2016-02-24 08:51 - 2016-02-24 08:51 - 00002215 _____ C:\Users\Public\Desktop\Gadwin PrintScreen (64-Bit).lnk
2016-02-24 08:51 - 2016-02-24 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin
2016-02-24 08:51 - 2016-02-24 08:51 - 00000000 ____D C:\Program Files\Gadwin
2016-02-24 08:49 - 2016-02-24 08:49 - 13287142 _____ C:\Users\Lenovo\Downloads\PrintScreen542_Setup.zip
2016-02-22 10:19 - 2016-02-22 10:20 - 06807453 _____ C:\Users\Lenovo\Downloads\sierra-rising-x-belthagor.zip
2016-02-22 07:28 - 2016-02-22 07:28 - 00002133 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2016-02-22 07:28 - 2016-02-22 07:28 - 00000000 ____D C:\Users\Lenovo\Documents\My Games
2016-02-22 07:28 - 2016-02-22 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2016-02-22 07:28 - 2016-02-22 07:28 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
2016-02-22 07:28 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-02-22 07:28 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-02-22 07:26 - 2016-02-22 07:26 - 09637888 _____ C:\Users\Lenovo\Downloads\PathOfExileInstaller.msi
2016-02-20 18:58 - 2016-02-25 19:38 - 00000000 ____D C:\Program Files (x86)\InsanityFlyFF
2016-02-20 17:15 - 2016-02-20 18:57 - 1242770462 _____ (Igor Pavlov) C:\Users\Lenovo\Downloads\InsanityFlyFF_November_v3_2015.exe
2016-02-20 16:24 - 2016-02-20 16:24 - 00002040 _____ C:\Users\Lenovo\Desktop\FL Studio 12 (64bit).lnk
2016-02-20 16:24 - 2016-02-20 16:24 - 00002024 _____ C:\Users\Lenovo\Desktop\FL Studio 12.lnk
2016-02-20 16:24 - 2016-02-20 16:24 - 00001134 _____ C:\Users\Lenovo\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Users\Lenovo\Documents\Image-Line
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Image-Line
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Program Files\Image-Line
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Program Files\Common Files\VST2
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-02-20 16:24 - 2016-02-20 16:24 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2016-02-20 16:20 - 2016-02-20 16:24 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-02-20 16:18 - 2016-02-20 16:20 - 632627944 _____ (Image-Line) C:\Users\Lenovo\Downloads\flstudio_12.2.exe
2016-02-20 16:16 - 2016-02-20 16:25 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Audacity
2016-02-20 16:16 - 2016-02-20 16:16 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Audacity
2016-02-20 16:15 - 2016-02-20 16:16 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-02-20 16:15 - 2016-02-20 16:15 - 26496761 _____ (Audacity Team ) C:\Users\Lenovo\Downloads\audacity-win-2.1.2.exe
2016-02-20 16:15 - 2016-02-20 16:15 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-02-20 16:15 - 2016-02-20 16:15 - 00001003 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-02-19 15:05 - 2016-02-19 15:05 - 00000000 ____D C:\Users\Lenovo\AppData\Local\UWKProcess
2016-02-18 22:23 - 2016-02-18 22:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-18 22:21 - 2016-02-18 22:21 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-02-18 22:21 - 2016-02-18 22:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-02-18 18:56 - 2016-02-18 18:56 - 00000000 ____D C:\Users\Lenovo\Documents\Custom Office Templates
2016-02-18 18:55 - 2016-02-18 18:59 - 00004966 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lenovo-PC-Lenovo Lenovo-PC
2016-02-18 16:43 - 2016-02-19 15:05 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-18 16:43 - 2016-02-18 16:43 - 00000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2016-02-18 16:38 - 2016-02-18 16:38 - 00000000 ____D C:\Users\Lenovo\AppData\LocalLow\Freejam
2016-02-18 16:34 - 2016-02-18 07:13 - 00245544 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-02-18 16:20 - 2016-02-18 16:20 - 00001634 _____ C:\Users\Lenovo\Desktop\Robocraft Launcher.lnk
2016-02-18 16:20 - 2016-02-18 16:20 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft Launcher
2016-02-18 16:20 - 2016-02-18 16:20 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Solid State Networks
2016-02-18 16:20 - 2016-02-18 16:20 - 00000000 ____D C:\Games
2016-02-18 16:19 - 2016-02-18 16:20 - 12397864 _____ (Freejam Games ) C:\Users\Lenovo\Downloads\RobocraftSetup.exe
2016-02-17 16:24 - 2016-02-17 16:24 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-02-17 16:23 - 2016-02-19 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-17 16:23 - 2016-02-17 16:23 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-17 16:23 - 2016-02-17 16:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-02-17 16:22 - 2016-02-17 16:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-02-17 16:22 - 2016-02-17 16:22 - 00000000 ____D C:\Windows\PCHEALTH
2016-02-17 16:22 - 2016-02-17 16:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-17 16:20 - 2016-02-17 16:22 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-17 16:20 - 2016-02-17 16:20 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Microsoft Help
2016-02-17 16:20 - 2016-02-17 16:20 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-02-17 16:20 - 2016-02-17 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-17 16:20 - 2016-02-17 16:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-02-17 16:19 - 2016-02-17 16:19 - 00000000 __RHD C:\MSOCache
2016-02-17 12:03 - 2016-02-17 12:03 - 00000000 ____D C:\Users\Lenovo\AppData\Local\GWX
2016-02-16 22:38 - 2016-02-16 22:41 - 00000000 ____D C:\office 2013 school
2016-02-16 22:38 - 2016-02-16 22:38 - 00000000 ____D C:\My Kindle Content
2016-02-16 22:37 - 2016-02-16 22:38 - 00000000 ____D C:\Microsoft_Office_Professional_Plus_2013_with_SP1_64-bit_(English)_X19-39668 For Students Attending Canton University
2016-02-16 22:36 - 2016-02-16 22:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-02-16 22:11 - 2016-02-23 08:20 - 00000252 _____ C:\Users\Lenovo\Desktop\musical notes.txt
2016-02-16 18:50 - 2016-02-16 18:50 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-16 18:50 - 2016-02-16 18:50 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-16 12:59 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-16 12:59 - 2016-02-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-16 12:59 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-16 12:59 - 2016-02-06 02:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-16 12:59 - 2016-02-06 02:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-16 12:59 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-16 12:59 - 2016-02-06 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-16 12:59 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-16 12:59 - 2016-02-06 01:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-16 12:59 - 2016-02-06 01:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-16 12:59 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-16 12:59 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-16 12:59 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-16 12:59 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-16 12:59 - 2016-01-22 12:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-16 12:59 - 2016-01-22 12:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-16 12:59 - 2016-01-21 22:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-16 12:59 - 2016-01-21 22:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-16 12:59 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-16 12:59 - 2016-01-21 22:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-16 12:59 - 2016-01-21 22:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-16 12:59 - 2016-01-21 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-16 12:59 - 2016-01-21 22:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-16 12:59 - 2016-01-21 22:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-16 12:59 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-16 12:59 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-16 12:59 - 2016-01-21 22:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-16 12:59 - 2016-01-21 22:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-16 12:59 - 2016-01-21 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-16 12:59 - 2016-01-21 22:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-16 12:59 - 2016-01-21 22:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-16 12:59 - 2016-01-21 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-16 12:59 - 2016-01-21 22:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-16 12:59 - 2016-01-21 22:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-16 12:59 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-16 12:59 - 2016-01-21 22:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-16 12:59 - 2016-01-21 22:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-16 12:59 - 2016-01-21 22:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-16 12:59 - 2016-01-21 22:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-16 12:59 - 2016-01-21 22:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-16 12:59 - 2016-01-21 22:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-16 12:59 - 2016-01-21 21:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-16 12:59 - 2016-01-21 21:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-16 12:59 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-16 12:59 - 2016-01-21 21:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-16 12:59 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-16 12:59 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-16 12:59 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-16 12:59 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-16 12:59 - 2016-01-21 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-16 12:59 - 2016-01-21 21:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-16 12:59 - 2016-01-21 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-16 12:59 - 2016-01-21 21:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-16 12:59 - 2016-01-21 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-16 12:59 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-16 12:59 - 2016-01-21 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-16 12:59 - 2016-01-21 21:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-16 12:59 - 2016-01-21 21:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-16 12:59 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-16 12:59 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-16 12:59 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-16 12:59 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-16 12:59 - 2016-01-21 21:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-16 12:59 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-16 12:59 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-16 12:59 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-16 12:59 - 2016-01-16 11:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-16 12:59 - 2016-01-16 10:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-16 12:59 - 2016-01-11 06:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-16 12:59 - 2016-01-11 06:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-16 12:59 - 2016-01-11 06:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-16 12:59 - 2016-01-11 06:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-16 12:59 - 2016-01-11 06:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-16 12:59 - 2015-12-20 10:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-16 12:59 - 2015-12-20 10:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-16 12:59 - 2015-12-20 06:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-16 12:59 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-02-16 12:59 - 2015-07-16 11:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-02-16 12:59 - 2015-07-16 11:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-02-16 12:59 - 2015-07-16 11:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-02-16 12:59 - 2015-07-16 11:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-02-16 12:59 - 2015-07-16 11:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-02-16 12:59 - 2015-07-16 11:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-02-16 12:59 - 2015-07-11 05:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-02-16 12:59 - 2015-06-03 12:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-02-16 12:59 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-02-16 12:59 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2016-02-16 12:59 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2016-02-16 12:59 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2016-02-16 12:59 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2016-02-16 12:59 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2016-02-16 12:59 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2016-02-16 12:59 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2016-02-16 12:59 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2016-02-16 12:59 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2016-02-16 12:59 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2016-02-16 12:59 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-02-16 12:59 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-02-16 12:58 - 2011-03-10 22:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2016-02-16 12:58 - 2011-03-10 22:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2016-02-16 12:58 - 2011-03-10 22:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2016-02-16 12:58 - 2011-03-10 22:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2016-02-16 12:58 - 2011-03-10 22:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2016-02-16 12:58 - 2011-03-10 22:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-02-16 12:58 - 2011-03-10 22:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2016-02-16 12:58 - 2011-03-10 21:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-02-16 12:58 - 2011-03-10 21:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2016-02-16 12:58 - 2011-03-10 20:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-02-16 12:10 - 2016-02-16 12:10 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ButtonBass Distorted Guitar.lnk
2016-02-16 12:10 - 2016-02-16 12:10 - 00001061 _____ C:\Users\Public\Desktop\ButtonBass Distorted Guitar.lnk
2016-02-16 12:10 - 2016-02-16 12:10 - 00001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ButtonBass Player Piano.lnk
2016-02-16 12:10 - 2016-02-16 12:10 - 00001021 _____ C:\Users\Public\Desktop\ButtonBass Player Piano.lnk
2016-02-16 12:10 - 2016-02-16 12:10 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\com.buttonbass.playerpiano
2016-02-16 12:10 - 2016-02-16 12:10 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\ButtonBass
2016-02-16 12:10 - 2016-02-16 12:10 - 00000000 ____D C:\Program Files (x86)\ButtonBass Player Piano
2016-02-16 12:10 - 2016-02-16 12:10 - 00000000 ____D C:\Program Files (x86)\ButtonBass Distorted Guitar
2016-02-16 12:09 - 2016-02-16 12:09 - 18346464 _____ (Adobe Systems Inc.) C:\Users\Lenovo\Downloads\AdobeAIRInstaller.exe
2016-02-16 12:09 - 2016-02-16 12:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-16 12:09 - 2016-02-16 12:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-16 12:09 - 2016-02-16 12:09 - 00000000 ____D C:\ProgramData\Adobe
2016-02-16 12:09 - 2016-02-16 12:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-16 12:08 - 2016-02-16 12:08 - 01976559 _____ C:\Users\Lenovo\Downloads\PianoEditor.air
2016-02-16 12:08 - 2016-02-16 12:08 - 01343803 _____ C:\Users\Lenovo\Downloads\Distort.air
2016-02-15 20:50 - 2016-02-24 10:18 - 00111520 _____ C:\Users\Lenovo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-15 20:41 - 2016-02-15 20:41 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-15 20:39 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-02-15 20:39 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-02-15 20:39 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-02-15 20:39 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-02-15 20:39 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-02-15 20:39 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-02-15 20:39 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-02-15 20:39 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-02-15 20:39 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-02-15 20:39 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-02-15 20:38 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-02-15 20:38 - 2012-08-23 06:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2016-02-15 20:38 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2016-02-15 20:38 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-02-15 20:37 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-02-15 20:37 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-02-15 20:37 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-02-15 20:37 - 2015-07-30 10:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-02-15 20:37 - 2015-07-30 09:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-02-15 20:36 - 2015-12-16 10:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-02-15 20:36 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-15 20:36 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-15 20:36 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-15 20:36 - 2015-12-16 10:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-02-15 20:36 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-02-15 20:36 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-02-15 20:36 - 2015-12-16 10:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-02-15 20:36 - 2015-12-16 06:38 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-02-15 20:36 - 2015-12-16 06:37 - 00419928 _____ C:\Windows\system32\locale.nls
2016-02-15 20:36 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-02-15 20:36 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-15 20:36 - 2015-08-05 09:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-02-15 20:36 - 2015-08-05 09:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-02-15 20:36 - 2015-02-03 19:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-02-15 20:36 - 2015-02-03 18:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-02-15 20:36 - 2015-02-02 19:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-02-15 20:36 - 2015-02-02 19:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-02-15 20:21 - 2016-02-26 07:16 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-02-15 20:17 - 2016-02-26 07:14 - 00000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2016-02-15 20:17 - 2016-02-15 20:17 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-02-15 20:11 - 2016-02-15 20:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-15 20:10 - 2016-02-25 23:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-15 20:10 - 2016-02-25 23:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-15 19:44 - 2016-02-15 19:45 - 00000000 ____D C:\Windows\system32\MRT
2016-02-15 19:44 - 2016-02-15 19:44 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-15 19:26 - 2015-07-30 05:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-15 19:26 - 2015-07-30 05:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-02-15 19:23 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2016-02-15 19:19 - 2016-02-15 19:19 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2016-02-15 19:19 - 2016-02-15 19:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-02-15 19:19 - 2016-02-15 19:19 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-02-15 19:19 - 2016-02-15 19:19 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-02-15 19:19 - 2016-02-15 19:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-02-15 19:19 - 2016-02-15 19:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-02-15 19:19 - 2016-02-15 19:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-02-15 19:02 - 2016-02-15 19:02 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-02-15 19:02 - 2016-02-15 19:02 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-02-15 18:39 - 2016-02-17 03:02 - 00773536 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-15 18:37 - 2016-02-15 18:37 - 00000000 ____D C:\Users\Lenovo\Tracing
2016-02-15 17:52 - 2012-07-25 19:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2016-02-15 17:52 - 2012-07-25 19:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2016-02-15 17:52 - 2012-07-25 19:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-02-15 17:52 - 2012-07-25 19:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2016-02-15 17:52 - 2012-07-25 19:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2016-02-15 17:52 - 2012-07-25 18:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2016-02-15 17:52 - 2012-07-25 18:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2016-02-15 17:52 - 2012-06-02 06:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2016-02-15 17:45 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2016-02-15 17:45 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2016-02-15 17:45 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2016-02-15 17:45 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2016-02-15 17:44 - 2012-02-29 22:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2016-02-15 17:44 - 2012-02-29 22:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2016-02-15 17:44 - 2012-02-29 21:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2016-02-15 17:42 - 2016-02-15 20:17 - 00000000 ____D C:\Intel
2016-02-15 17:42 - 2016-02-15 17:42 - 00000000 ____D C:\Program Files\Intel
2016-02-15 17:42 - 2016-02-15 17:42 - 00000000 ____D C:\Program Files (x86)\Intel
2016-02-15 17:42 - 2015-08-09 04:50 - 00096752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2016-02-15 17:42 - 2015-08-09 04:50 - 00092648 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-02-15 17:38 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-02-15 17:38 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-02-15 17:38 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-02-15 17:38 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-02-15 17:38 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-02-15 17:38 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-02-15 17:38 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-02-15 17:38 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-02-15 17:34 - 2015-07-15 10:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-02-15 17:34 - 2015-07-15 10:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-02-15 17:34 - 2015-07-15 10:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-02-15 17:34 - 2015-05-25 10:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-02-15 17:34 - 2015-05-25 10:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-02-15 17:34 - 2015-05-25 10:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2016-02-15 17:34 - 2015-05-25 10:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2016-02-15 17:34 - 2015-05-25 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2016-02-15 17:34 - 2015-05-25 10:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2016-02-15 17:34 - 2015-05-25 10:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2016-02-15 17:34 - 2015-05-25 10:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2016-02-15 17:34 - 2015-05-25 10:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2016-02-15 17:34 - 2015-05-25 10:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2016-02-15 17:34 - 2015-05-25 10:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2016-02-15 17:34 - 2015-05-25 10:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2016-02-15 17:34 - 2015-02-02 19:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-02-15 17:34 - 2015-02-02 19:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-02-15 17:34 - 2015-02-02 19:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-02-15 17:34 - 2015-02-02 19:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-02-15 17:34 - 2015-02-02 19:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-02-15 17:34 - 2015-02-02 19:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-02-15 17:34 - 2015-02-02 19:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-02-15 17:34 - 2015-02-02 19:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-02-15 17:34 - 2015-02-02 19:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-02-15 17:34 - 2015-02-02 19:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-02-15 17:34 - 2015-02-02 19:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-02-15 17:34 - 2015-02-02 19:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-02-15 17:34 - 2015-02-02 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-02-15 17:33 - 2016-01-06 11:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-15 17:33 - 2016-01-06 11:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-15 17:33 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-15 17:33 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-02-15 17:33 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-02-15 17:33 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-02-15 17:33 - 2015-04-29 10:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-02-15 17:33 - 2015-04-29 10:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-02-15 17:33 - 2015-04-29 10:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-02-15 17:33 - 2015-04-29 10:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-02-15 17:33 - 2015-04-29 10:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-02-15 17:33 - 2015-04-29 10:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-02-15 17:33 - 2015-04-29 10:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-02-15 17:33 - 2015-04-29 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-02-15 17:33 - 2015-04-29 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-02-15 17:33 - 2015-04-29 10:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-02-15 17:33 - 2015-04-17 19:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-15 17:33 - 2015-04-17 18:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-15 17:33 - 2015-04-12 19:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-02-15 17:33 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-02-15 17:33 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-02-15 17:33 - 2012-10-09 10:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2016-02-15 17:33 - 2012-10-09 10:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2016-02-15 17:33 - 2012-10-09 09:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2016-02-15 17:33 - 2012-10-09 09:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2016-02-15 17:33 - 2012-01-04 02:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-02-15 17:33 - 2012-01-04 00:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-02-15 17:33 - 2011-06-15 21:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2016-02-15 17:33 - 2011-06-15 20:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2016-02-15 17:33 - 2011-06-15 02:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2016-02-15 17:33 - 2011-06-15 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2016-02-15 17:33 - 2011-06-15 02:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2016-02-15 17:33 - 2011-06-15 02:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2016-02-15 17:33 - 2011-06-15 00:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2016-02-15 17:33 - 2011-06-15 00:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2016-02-15 17:33 - 2011-06-15 00:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2016-02-15 17:33 - 2011-06-15 00:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2016-02-15 17:33 - 2011-06-15 00:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2016-02-15 17:33 - 2011-05-03 21:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-02-15 17:33 - 2011-05-03 21:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-02-15 17:33 - 2011-05-03 21:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2016-02-15 17:33 - 2011-05-03 21:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2016-02-15 17:33 - 2011-05-03 21:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2016-02-15 17:33 - 2011-05-03 21:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2016-02-15 17:33 - 2011-05-03 21:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-02-15 17:33 - 2011-05-03 21:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-02-15 17:33 - 2011-05-03 21:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2016-02-15 17:33 - 2011-05-03 20:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2016-02-15 17:33 - 2011-05-03 20:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2016-02-15 17:33 - 2011-05-03 20:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2016-02-15 17:33 - 2011-05-03 20:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2016-02-15 17:33 - 2011-05-03 20:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2016-02-15 17:33 - 2011-05-03 20:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2016-02-15 17:33 - 2011-05-03 20:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2016-02-15 17:33 - 2011-05-03 20:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2016-02-15 17:33 - 2011-05-03 20:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2016-02-15 17:33 - 2010-12-23 02:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-02-15 17:33 - 2010-12-23 02:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2016-02-15 17:33 - 2010-12-22 21:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2016-02-15 17:33 - 2010-12-22 21:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2016-02-15 17:32 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-02-15 17:32 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-02-15 17:32 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-02-15 17:32 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-02-15 17:32 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-02-15 17:32 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-02-15 17:32 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-02-15 17:32 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-02-15 17:32 - 2015-07-01 12:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-02-15 17:32 - 2015-07-01 12:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-02-15 17:32 - 2015-07-01 12:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-02-15 17:32 - 2015-07-01 12:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-02-15 17:32 - 2015-06-01 16:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-02-15 17:32 - 2015-06-01 15:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2016-02-15 17:32 - 2015-01-28 19:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-02-15 17:32 - 2015-01-28 19:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2016-02-15 17:32 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-02-15 17:32 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2016-02-15 17:32 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2016-02-15 17:32 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-02-15 17:32 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-02-15 17:32 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-02-15 17:32 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2016-02-15 17:32 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-02-15 17:32 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2016-02-15 17:32 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2016-02-15 17:32 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2016-02-15 17:32 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-02-15 17:32 - 2013-03-18 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2016-02-15 17:32 - 2012-11-28 14:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2016-02-15 17:32 - 2012-11-28 14:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2016-02-15 17:32 - 2012-11-28 14:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-02-15 17:32 - 2011-11-16 22:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-02-15 17:32 - 2011-11-16 21:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-02-15 17:30 - 2016-01-21 22:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-15 17:30 - 2016-01-21 22:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-15 17:30 - 2016-01-21 22:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-15 17:30 - 2016-01-21 22:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-15 17:30 - 2016-01-21 22:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-15 17:30 - 2016-01-21 21:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-15 17:30 - 2016-01-21 21:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-15 17:30 - 2016-01-21 21:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-15 17:29 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-02-15 17:29 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2016-02-15 17:29 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2016-02-15 17:29 - 2013-01-23 22:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-02-15 17:29 - 2012-07-04 14:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-02-15 17:29 - 2012-07-04 14:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-02-15 17:29 - 2012-07-04 14:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-02-15 17:29 - 2012-07-04 13:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2016-02-15 17:29 - 2012-07-04 13:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2016-02-15 17:27 - 2016-01-11 11:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-15 17:27 - 2016-01-11 11:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-15 17:27 - 2016-01-11 11:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-15 17:27 - 2016-01-11 10:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-15 17:27 - 2016-01-11 10:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-15 17:27 - 2016-01-11 10:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-15 17:27 - 2016-01-11 10:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-15 17:27 - 2016-01-11 10:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-15 17:27 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-15 17:27 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-15 17:27 - 2016-01-11 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-15 17:27 - 2016-01-11 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-15 17:27 - 2016-01-11 10:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-15 17:27 - 2016-01-11 10:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-15 17:27 - 2016-01-11 10:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-15 17:27 - 2016-01-11 10:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-15 17:27 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-02-15 17:27 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-02-15 17:27 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-02-15 17:27 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-15 17:27 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-15 17:27 - 2015-07-14 19:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-02-15 17:27 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2016-02-15 17:27 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2016-02-15 17:27 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2016-02-15 17:27 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2016-02-15 17:27 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2016-02-15 17:27 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2016-02-15 17:27 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2016-02-15 17:27 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2016-02-15 17:27 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2016-02-15 17:27 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2016-02-15 17:27 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2016-02-15 17:27 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2016-02-15 17:27 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2016-02-15 17:27 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2016-02-15 17:27 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2016-02-15 17:27 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2016-02-15 17:27 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2016-02-15 17:27 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2016-02-15 17:26 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-02-15 17:26 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-02-15 17:26 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-02-15 17:26 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-02-15 17:26 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-02-15 17:26 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-02-15 17:26 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-02-15 17:26 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-02-15 17:26 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-02-15 17:26 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-02-15 17:26 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-02-15 17:26 - 2015-06-03 12:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-02-15 17:26 - 2015-06-03 12:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-02-15 17:26 - 2015-06-03 12:16 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-02-15 17:26 - 2015-04-27 11:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-02-15 17:26 - 2015-04-27 11:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-02-15 17:26 - 2015-04-27 11:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-02-15 17:26 - 2015-04-27 11:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-02-15 17:26 - 2015-04-27 11:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-02-15 17:26 - 2015-04-27 11:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-02-15 17:26 - 2015-04-27 11:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-02-15 17:26 - 2015-04-27 11:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-02-15 17:26 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-02-15 17:26 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2016-02-15 17:26 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2016-02-15 17:26 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2016-02-15 17:26 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2016-02-15 17:26 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2016-02-15 17:26 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2016-02-15 17:26 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2016-02-15 17:26 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-02-15 17:26 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-02-15 17:26 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2016-02-15 17:26 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2016-02-15 17:26 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2016-02-15 17:26 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2016-02-15 17:26 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2016-02-15 17:26 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2016-02-15 17:26 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2016-02-15 17:26 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2016-02-15 17:26 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2016-02-15 17:26 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2016-02-15 17:26 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2016-02-15 17:26 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2016-02-15 17:26 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2016-02-15 17:26 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2016-02-15 17:26 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-02-15 17:26 - 2011-03-10 22:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2016-02-15 17:26 - 2011-03-10 22:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2016-02-15 17:26 - 2011-03-10 21:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2016-02-15 17:26 - 2011-03-10 21:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2016-02-15 17:25 - 2016-01-07 09:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-15 17:25 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-15 17:25 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-02-15 17:25 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-02-15 17:25 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-02-15 17:25 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-02-15 17:25 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-02-15 17:25 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-02-15 17:25 - 2015-07-09 09:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-02-15 17:25 - 2015-07-09 09:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-02-15 17:25 - 2015-07-09 09:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-02-15 17:25 - 2015-07-09 09:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-02-15 17:25 - 2015-04-24 10:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-02-15 17:25 - 2015-04-24 09:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-02-15 17:25 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-02-15 17:25 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2016-02-15 17:25 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-02-15 17:25 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-02-15 17:25 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2016-02-15 17:25 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2016-02-15 17:25 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-02-15 17:25 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-02-15 17:25 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-02-15 17:25 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-02-15 17:25 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-02-15 17:25 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-02-15 17:25 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-02-15 17:25 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2016-02-15 17:25 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2016-02-15 17:25 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2016-02-15 17:25 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2016-02-15 17:25 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2016-02-15 17:25 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2016-02-15 17:25 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2016-02-15 17:25 - 2013-02-11 20:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2016-02-15 17:25 - 2012-07-04 12:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2016-02-15 17:25 - 2011-12-29 22:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2016-02-15 17:25 - 2011-12-29 21:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2016-02-15 17:24 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-02-15 17:24 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-02-15 17:24 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-02-15 17:24 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-02-15 17:24 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-02-15 17:24 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-02-15 17:24 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-02-15 17:24 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-02-15 17:24 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-02-15 17:24 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-02-15 17:24 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-02-15 17:24 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-02-15 17:24 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-02-15 17:24 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-02-15 17:24 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-02-15 17:24 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-02-15 17:24 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-02-15 17:24 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-02-15 17:24 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-02-15 17:24 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-02-15 17:24 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-02-15 17:24 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-02-15 17:24 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-02-15 17:24 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-02-15 17:24 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-02-15 17:24 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-02-15 17:24 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-02-15 17:24 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-02-15 17:24 - 2015-02-17 23:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-02-15 17:24 - 2015-02-17 23:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-02-15 17:24 - 2012-12-07 05:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2016-02-15 17:24 - 2012-12-07 05:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2016-02-15 17:24 - 2012-12-07 04:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2016-02-15 17:24 - 2012-12-07 04:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2016-02-15 17:24 - 2012-12-07 03:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2016-02-15 17:24 - 2012-12-07 03:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2016-02-15 17:24 - 2012-12-07 03:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2016-02-15 17:24 - 2012-12-07 03:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2016-02-15 17:24 - 2012-12-07 03:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2016-02-15 17:24 - 2012-12-07 03:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2016-02-15 17:24 - 2012-12-07 03:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2016-02-15 17:24 - 2012-12-07 03:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2016-02-15 17:24 - 2012-12-07 03:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2016-02-15 17:24 - 2012-12-07 03:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2016-02-15 17:24 - 2012-12-07 03:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2016-02-15 17:24 - 2012-12-07 03:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2016-02-15 17:24 - 2012-12-07 03:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2016-02-15 17:24 - 2012-12-07 03:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2016-02-15 17:24 - 2012-12-07 02:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2016-02-15 17:23 - 2016-01-21 22:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-15 17:23 - 2016-01-21 22:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-15 17:23 - 2016-01-21 22:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-15 17:23 - 2016-01-21 22:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-15 17:23 - 2016-01-21 22:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-15 17:23 - 2016-01-21 22:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-15 17:23 - 2016-01-21 22:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-15 17:23 - 2016-01-21 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-15 17:23 - 2016-01-21 22:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-15 17:23 - 2016-01-21 22:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-15 17:23 - 2016-01-21 22:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-15 17:23 - 2016-01-21 22:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-15 17:23 - 2016-01-21 22:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-15 17:23 - 2016-01-21 22:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-15 17:23 - 2016-01-21 22:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-15 17:23 - 2016-01-21 22:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-15 17:23 - 2016-01-21 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-15 17:23 - 2016-01-21 22:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-15 17:23 - 2016-01-21 22:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-15 17:23 - 2016-01-21 22:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-15 17:23 - 2016-01-21 22:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-15 17:23 - 2016-01-21 22:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-15 17:23 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-15 17:23 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-15 17:23 - 2016-01-21 22:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 22:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-15 17:23 - 2016-01-21 22:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-15 17:23 - 2016-01-21 22:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-15 17:23 - 2016-01-21 22:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-15 17:23 - 2016-01-21 22:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-15 17:23 - 2016-01-21 22:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-15 17:23 - 2016-01-21 22:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-15 17:23 - 2016-01-21 22:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-15 17:23 - 2016-01-21 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-15 17:23 - 2016-01-21 22:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-15 17:23 - 2016-01-21 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-15 17:23 - 2016-01-21 22:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-15 17:23 - 2016-01-21 22:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-15 17:23 - 2016-01-21 22:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-15 17:23 - 2016-01-21 22:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-15 17:23 - 2016-01-21 22:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-15 17:23 - 2016-01-21 22:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-15 17:23 - 2016-01-21 22:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-15 17:23 - 2016-01-21 22:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-15 17:23 - 2016-01-21 22:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-15 17:23 - 2016-01-21 21:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-15 17:23 - 2016-01-21 21:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-15 17:23 - 2016-01-21 21:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-15 17:23 - 2016-01-21 20:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-15 17:23 - 2016-01-21 20:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-15 17:23 - 2016-01-21 20:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-15 17:23 - 2016-01-21 20:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-15 17:23 - 2016-01-21 20:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-15 17:23 - 2016-01-21 20:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-15 17:23 - 2016-01-21 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-15 17:23 - 2016-01-21 20:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-15 17:23 - 2016-01-21 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-15 17:23 - 2016-01-21 20:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-15 17:23 - 2016-01-21 20:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 20:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 20:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-15 17:23 - 2016-01-21 20:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-15 17:23 - 2016-01-16 11:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-15 17:23 - 2016-01-16 10:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-15 17:23 - 2016-01-07 09:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-15 17:23 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-02-15 17:23 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-15 17:23 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-02-15 17:23 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-02-15 17:23 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-15 17:23 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-02-15 17:23 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-02-15 17:23 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-02-15 17:23 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-02-15 17:23 - 2015-06-15 13:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-02-15 17:23 - 2015-06-15 13:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-02-15 17:23 - 2015-06-15 13:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-02-15 17:23 - 2015-06-15 13:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-02-15 17:23 - 2015-06-15 13:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-02-15 17:23 - 2015-06-15 13:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-02-15 17:23 - 2015-06-15 13:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-02-15 17:23 - 2015-06-15 13:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-02-15 17:23 - 2015-04-10 19:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-02-15 17:23 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-02-15 17:23 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-02-15 17:23 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-02-15 17:23 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-02-15 17:23 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-02-15 17:23 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-02-15 17:23 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-02-15 17:23 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-02-15 17:23 - 2012-11-01 21:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2016-02-15 17:23 - 2012-11-01 21:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2016-02-15 17:23 - 2012-10-03 09:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2016-02-15 17:23 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2016-02-15 17:23 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2016-02-15 17:23 - 2012-10-03 09:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-02-15 17:23 - 2012-10-03 09:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-02-15 17:23 - 2012-10-03 08:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2016-02-15 17:23 - 2012-10-03 08:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2016-02-15 17:23 - 2012-10-03 08:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-02-15 17:23 - 2012-08-21 13:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2016-02-15 17:23 - 2012-03-16 23:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-02-15 17:23 - 2011-08-16 21:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2016-02-15 17:23 - 2011-08-16 21:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2016-02-15 17:23 - 2011-08-16 20:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2016-02-15 17:23 - 2011-08-16 20:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2016-02-15 17:23 - 2011-04-28 19:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-02-15 17:23 - 2011-04-28 19:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-02-15 17:23 - 2011-04-28 19:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-02-15 17:23 - 2011-03-02 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-02-15 17:23 - 2011-03-02 22:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-02-15 17:23 - 2011-03-02 22:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2016-02-15 17:23 - 2011-03-02 21:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-02-15 17:23 - 2011-03-02 21:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2016-02-15 17:23 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-02-15 17:22 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-02-15 17:22 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-02-15 17:22 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-02-15 17:22 - 2015-08-27 10:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-02-15 17:22 - 2015-08-27 10:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-02-15 17:22 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-02-15 17:22 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-02-15 17:22 - 2015-08-27 09:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-02-15 17:22 - 2015-08-27 09:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-02-15 17:22 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-02-15 17:22 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-02-15 17:22 - 2015-01-16 18:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-02-15 17:22 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-02-15 17:22 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2016-02-15 17:22 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2016-02-15 17:22 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-02-15 17:22 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-02-15 17:22 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-02-15 17:22 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-02-15 17:22 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-02-15 17:22 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-02-15 17:22 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-02-15 17:22 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-02-15 17:22 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-02-15 17:22 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-02-15 17:22 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-02-15 17:22 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-02-15 17:22 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-02-15 17:22 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2016-02-15 17:22 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2016-02-15 17:22 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2016-02-15 17:22 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2016-02-15 17:22 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-02-15 17:22 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-02-15 17:22 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2016-02-15 17:22 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2016-02-15 17:22 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2016-02-15 17:22 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2016-02-15 17:22 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2016-02-15 17:22 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2016-02-15 17:22 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2016-02-15 17:22 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-02-15 17:22 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-02-15 17:22 - 2012-11-22 19:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2016-02-15 17:22 - 2012-09-25 14:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2016-02-15 17:22 - 2012-09-25 14:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2016-02-15 17:22 - 2012-04-25 21:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2016-02-15 17:22 - 2012-04-25 21:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2016-02-15 17:22 - 2011-05-24 03:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2016-02-15 17:22 - 2011-05-24 02:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2016-02-15 17:22 - 2011-05-24 02:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2016-02-15 17:22 - 2011-05-24 02:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2016-02-15 17:22 - 2011-05-24 02:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2016-02-15 17:22 - 2011-05-02 21:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-15 17:22 - 2011-05-02 20:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-15 17:22 - 2011-02-12 03:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2016-02-15 17:22 - 2011-02-05 09:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2016-02-15 17:22 - 2011-02-05 09:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2016-02-15 17:22 - 2011-02-05 09:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2016-02-15 17:21 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-02-15 17:21 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-02-15 17:21 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-02-15 17:21 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2016-02-15 17:21 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2016-02-15 17:21 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2016-02-15 17:21 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2016-02-15 17:21 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-02-15 17:21 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2016-02-15 17:21 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2016-02-15 17:21 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2016-02-15 17:21 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2016-02-15 17:21 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2016-02-15 17:21 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2016-02-15 17:21 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2016-02-15 17:21 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2016-02-15 17:21 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2016-02-15 17:21 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2016-02-15 17:21 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2016-02-15 17:21 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2016-02-15 17:21 - 2012-06-05 22:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2016-02-15 17:21 - 2012-06-05 21:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2016-02-15 17:21 - 2012-05-13 21:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-02-15 17:21 - 2011-12-16 00:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2016-02-15 17:21 - 2011-12-15 23:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2016-02-15 17:21 - 2011-08-26 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2016-02-15 17:21 - 2011-08-26 20:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-02-15 17:21 - 2011-02-22 20:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-02-15 17:21 - 2011-02-18 02:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2016-02-15 17:21 - 2011-02-17 21:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2016-02-15 17:03 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-02-15 17:03 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-02-15 17:03 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-02-15 17:03 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-02-15 17:03 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-02-15 17:03 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-02-15 17:03 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-02-15 17:03 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-02-15 17:03 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-02-15 17:03 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-15 17:03 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-02-15 17:03 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-02-15 17:03 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-02-15 17:03 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-02-15 17:03 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-02-15 17:03 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-02-15 16:05 - 2012-02-16 22:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-02-15 16:05 - 2012-02-16 21:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-02-15 16:05 - 2012-02-16 20:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2016-02-15 11:23 - 2016-02-18 16:39 - 00007624 _____ C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg
2016-02-15 10:52 - 2016-02-23 11:55 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Skype
2016-02-15 10:52 - 2016-02-16 12:09 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Adobe
2016-02-15 10:52 - 2016-02-15 10:52 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-15 10:52 - 2016-02-15 10:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-15 10:52 - 2016-02-15 10:52 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Macromedia
2016-02-15 10:52 - 2016-02-15 10:52 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Macromedia
2016-02-15 10:52 - 2016-02-15 10:52 - 00000000 ____D C:\ProgramData\Skype
2016-02-15 10:52 - 2016-02-15 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-15 10:51 - 2016-02-15 10:51 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Lenovo\Downloads\SkypeSetup.exe
2016-02-15 10:43 - 2016-02-25 22:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-15 10:43 - 2016-02-15 10:43 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-15 10:43 - 2016-02-15 10:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-15 10:43 - 2016-02-15 10:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-15 10:43 - 2016-02-15 10:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-02-15 10:43 - 2016-02-15 10:43 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-15 10:42 - 2016-02-16 12:09 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Adobe
2016-02-15 09:55 - 2016-02-19 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-15 09:55 - 2016-02-15 10:03 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Mozilla
2016-02-15 09:55 - 2016-02-15 09:57 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Mozilla
2016-02-15 09:55 - 2016-02-15 09:55 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-15 09:55 - 2016-02-15 09:55 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-15 09:55 - 2016-02-15 09:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 09:54 - 2016-02-15 09:55 - 00000000 ____D C:\Users\Lenovo\AppData\Local\NPE
2016-02-15 09:52 - 2016-02-15 10:10 - 00000000 ___SD C:\Users\Lenovo\AppData\LocalLow\Temp
2016-02-15 09:52 - 2016-02-15 09:52 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-02-15 09:52 - 2016-02-15 09:52 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-02-15 09:40 - 2016-02-15 09:52 - 00002292 _____ C:\Users\Public\Desktop\Norton Security.LNK
2016-02-15 09:40 - 2016-02-15 09:40 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-02-15 09:40 - 2016-02-15 09:40 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-02-15 09:40 - 2016-02-15 09:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-02-15 09:39 - 2016-02-15 09:54 - 00000000 ____D C:\ProgramData\Norton
2016-02-15 09:39 - 2016-02-15 09:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-02-15 09:39 - 2016-02-15 09:52 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-02-15 09:39 - 2016-02-15 09:39 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-02-15 09:39 - 2016-02-15 09:39 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-02-15 09:39 - 2016-02-15 09:39 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-02-15 09:32 - 2015-02-09 23:42 - 00487704 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys
2016-02-15 09:32 - 2015-02-09 23:42 - 00403256 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2016-02-15 09:32 - 2015-02-09 23:42 - 00073480 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
2016-02-15 09:32 - 2015-02-09 23:42 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2016-02-15 09:32 - 2015-02-09 23:42 - 00003114 _____ C:\Windows\system32\e1d62x64.din
2016-02-14 22:32 - 2016-02-15 20:17 - 00001409 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-14 22:32 - 2016-02-15 20:17 - 00000000 ____D C:\Users\Lenovo
2016-02-14 22:32 - 2016-02-14 22:32 - 00000020 ___SH C:\Users\Lenovo\ntuser.ini
2016-02-14 22:32 - 2016-02-14 22:32 - 00000000 _SHDL C:\Users\Lenovo\My Documents
2016-02-14 22:32 - 2016-02-14 22:32 - 00000000 _SHDL C:\Users\Lenovo\Documents\My Videos
2016-02-14 22:32 - 2016-02-14 22:32 - 00000000 _SHDL C:\Users\Lenovo\Documents\My Pictures
2016-02-14 22:32 - 2016-02-14 22:32 - 00000000 _SHDL C:\Users\Lenovo\Documents\My Music
2016-02-14 22:32 - 2016-02-14 22:32 - 00000000 ____D C:\Users\Lenovo\AppData\Local\VirtualStore
2016-02-14 22:32 - 2011-04-12 00:28 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Media Center Programs
2016-02-14 22:25 - 2016-02-14 22:25 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-14 22:25 - 2016-02-14 22:25 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-14 22:22 - 2016-02-14 22:32 - 00000000 ____D C:\Windows\Panther

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-26 07:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-26 07:14 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-26 07:14 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-24 14:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-02-24 09:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-22 10:21 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-20 07:31 - 2009-07-13 20:45 - 00433064 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-19 20:24 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2016-02-19 20:15 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-18 16:22 - 2009-07-13 21:13 - 00781346 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-18 16:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2016-02-17 16:23 - 2011-04-12 00:28 - 00000000 ____D C:\Windows\ShellNew
2016-02-17 16:21 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-17 05:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-16 18:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-15 20:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2016-02-15 20:11 - 2011-04-12 00:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-15 20:10 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-15 20:10 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-15 20:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-02-15 20:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Dism
2016-02-15 20:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-15 16:14 - 2009-07-13 21:08 - 00011644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-14 22:25 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-14 22:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-02-14 22:22 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template

==================== Files in the root of some directories =======

2016-02-15 11:23 - 2016-02-18 16:39 - 0007624 _____ () C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\_is113F.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-18 11:31

==================== End of FRST.txt ============================

 

Addition.txt Attached

Attached Files



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 26 February 2016 - 10:36 AM

Hi belthagor :)

My name is Aura and I'll be assisting you with your issue. Please give me a few hours to review your logs and prepare a reply.

Thank you!

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 belthagor

belthagor
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 26 February 2016 - 05:54 PM

Hi belthagor :)

My name is Aura and I'll be assisting you with your issue. Please give me a few hours to review your logs and prepare a reply.

Thank you!

Thank you so much!

 

I forgot to mention that my internet speed has slowed down significantly.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 26 February 2016 - 09:32 PM

Hi belthagor :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to be posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)
 

High Physical Memory and Jumping Cpu usage under performance tab in task manager


This is most likely caused by Norton Security. Norton products are known to use a lot of system resources (RAM and CPU). Sadly, there's no way to "fix" that issue because that's how their products works. If you want an Antivirus that is more light-weight, you'll have to uninstall Norton Security and pick a new one.
 

After a format, I began having this problem, and the size of my windows 7 folder is 26 gb, somehow. I think it is slowly increasing in size.


This is normal. Under Windows 7, it's normal for the windows folder to be around 25GB, if not way bigger. The reason being that Windows 7 is old, and there's around 300+ Windows Updates for it so when you install them, they take space on your drive. You cannot avoid it either. Starting in Windows 8, Microsoft implemented new data compression algorithms for system files, which reduces the space they take on the drive Windows is installed, and also implemented a better management of installed Windows Updates.

I do not see anything in your logs, your issues are caused respectively by Norton Security, and a normal behavior of Windows 7.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 belthagor

belthagor
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 27 February 2016 - 10:47 AM


 

High Physical Memory and Jumping Cpu usage under performance tab in task manager


This is most likely caused by Norton Security. Norton products are known to use a lot of system resources (RAM and CPU). Sadly, there's no way to "fix" that issue because that's how their products works. If you want an Antivirus that is more light-weight, you'll have to uninstall Norton Security and pick a new one.
 

After a format, I began having this problem, and the size of my windows 7 folder is 26 gb, somehow. I think it is slowly increasing in size.


This is normal. Under Windows 7, it's normal for the windows folder to be around 25GB, if not way bigger. The reason being that Windows 7 is old, and there's around 300+ Windows Updates for it so when you install them, they take space on your drive. You cannot avoid it either. Starting in Windows 8, Microsoft implemented new data compression algorithms for system files, which reduces the space they take on the drive Windows is installed, and also implemented a better management of installed Windows Updates.

I do not see anything in your logs, your issues are caused respectively by Norton Security, and a normal behavior of Windows 7.

 

 

But this happened to me before I even installed a trial of norton.....

 

As for windows 7, I understand that with updates the folder might be larger, but it doesn't make sense to me to constantly increase in size... after I have every single update done already, no?

 

Maybe it's a hardware problem??

 

edit: as for norton, why would it only show high physical memory in performance tab, when in task manager, under the processes tab, the memory usage is low.....


Edited by belthagor, 27 February 2016 - 10:48 AM.


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 27 February 2016 - 04:43 PM

But this happened to me before I even installed a trial of norton.....


In that case, it could be svchost.exe hogging up all your RAM and CPU while checking/downloading/installing Windows Updates. It happens all the time, and I see it in my VMs when I create new ones.
 

As for windows 7, I understand that with updates the folder might be larger, but it doesn't make sense to me to constantly increase in size... after I have every single update done already, no?


It does. It's called temp files, and some of them are created/accumulated in the Windows folder. There's also the prefetch files that can take up quite a lot of space.
 

Maybe it's a hardware problem??


It could be an hardware issue.

Even thought your issue doesn't look like it's malware related (since your FRST logs are clean), it would be good to run more scans just in case before I let you go, so we'll make sure that the issue lies elsewhere.

lv0mVRW.pngJunkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    CfdTLN1.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
aOpBoaQ.pngMalwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
    L9PN4j1.png
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 belthagor

belthagor
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 27 February 2016 - 09:02 PM

Aside from the posted logs, I would like your opinion on some advice I received. Someone told me some viruses can stay even after format, and the only way to remove them is to delete partition, make new partition and then format. Is this true? I don't want to waste time before being sure.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by Lenovo (Administrator) on Sat 02/27/2016 at 17:36:53.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 24

Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57VW7EBA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\881LAICA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FUBZXYM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4VX9C1O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWDH2R4V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RS05P6OI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3FBMRWL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZH9V7G1C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57VW7EBA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\881LAICA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FUBZXYM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4VX9C1O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWDH2R4V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RS05P6OI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3FBMRWL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZH9V7G1C (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/27/2016 at 17:37:57.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

 

 

# AdwCleaner v5.036 - Logfile created 27/02/2016 at 17:41:01
# Updated 22/02/2016 by Xplode
# Database : 2016-02-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lenovo - LENOVO-PC
# Running from : C:\Users\Lenovo\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [768 bytes] - [27/02/2016 17:39:34]
C:\AdwCleaner\AdwCleaner[S2].txt - [690 bytes] - [27/02/2016 17:41:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [762 bytes] ##########
 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/27/2016
Scan Time: 5:56 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.27.05
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lenovo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327387
Time Elapsed: 3 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 28 February 2016 - 12:39 PM

Someone told me some viruses can stay even after format, and the only way to remove them is to delete partition, make new partition and then format. Is this true?


It's true. These are quite rare however. Most malware that "survives" a fresh reinstall of Windows don't really "survive", it's because the user brought back the malware on it (such as connecting an infected USB Flash Drive, or he transferred back his back-up that had infected files). I would tell you that this is what we suggest in case someone gets infected with a file infector virus, like Ramnit, Virut, etc. but it's not needed for most malware infections.

The only detections in your logs are from JRT, and they aren't even detections, since it's simply deleting Temporary Internet Files folders (a bit like cleaning up the temp files on your system), and these aren't malicious. They are created whenever you browse the web.

Let's run a second set of tools. Follow the instructions below please.

RQKuhw1.pngRogueKiller
  • Download the right version of RogueKiller for your Windows OS (you can access that information in the System properties window):
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • On opening, a first automatic scan will start, let it complete;
  • Once it's done, a prompt will appear asking you to accept the EULA of RogueKiller, click on Accept (your browser will open Adlice's RogueKiller website, you can close it);
  • Once you accepted the EULA, click on the Scan button. You can see the progression of the scan via the progress bars in the middle and on the right;
    vM3y3hL.png
  • After the scan is finished, click on the Report button on the right;
  • A notepad window will open, with the RogueKiller Scan report in it. Copy and paste it in your next reply;
cvMlKv6.pngESET Online Scanner
Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download, nor install the tool, as everything will be ran in a contextual (pop-up) window of Internet Explorer. However, for every other browsers, you will have to download and install ESET Online Scanner. In this set of instruction, I'll use Google Chrome to download it and run it (since a lot of people will do it), however, except for the download and installation procedure, the same instructions applies if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.
  • Download and execute ESET Online Scanner (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :
    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;
  • After you're done checking these options, click on "Start" and ESET Online Scanner will download it's virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have to the option to see what threads were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results on our clipboard and post them in your next reply;
  • Once you're done, click on the Back button, then click on the Finish button;
0Wrv6UC.pngEmsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
    Egla2gt.png
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
    IgfWDr3.png
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Your next reply should include:
  • Copy/pasted content of the RogueKiller scan log;
  • Copy/pasted content of the ESET Online Scanner log;
  • Copy/pasted content of the Emsisoft Emergency Kit log;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 belthagor

belthagor
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 28 February 2016 - 10:36 PM

RogueKiller V11.0.13.0 (x64) [Feb 22 2016] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Lenovo [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Scan -- Date : 02/28/2016 15:46:08 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WD1003FBYX-88 LEN ATA Device +++++ --- User --- [MBR] 529b4100cf7551a5e0dc54df612970e0 [BSP] 38c58629762f8ab4299c479e1885c3f1 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK

 

Eset Online Scanner gave me an error when I tried to update it, asking "is proxy configured."

 

I tried to do a search for manual update for it, but couldn't get any results.

 

Edit: Eset Scanner updated successfully, found no viruses. Additionally, I don't know if this will help but, I originally clicked on resource monitor in task manager, and saw that svchost was taking up a lot of processes. But I can no longer see that process taking up abnormal memory....

 

Is there some kind of tool, similar to task manager, that can see which processes take up memory, specifically physical memory.

 

Emsisoft Emergency Kit - Version 11.0 Last update: 2/28/2016 6:55:43 PM User account: Lenovo-PC\Lenovo Scan settings: Scan type: Malware Scan Objects: Rootkits, Memory, Traces, Files Detect PUPs: On Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 2/28/2016 6:58:45 PM Scanned 70740 Found 0 Scan end: 2/28/2016 7:00:17 PM Scan time: 0:01:32


Edited by belthagor, 28 February 2016 - 11:28 PM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 29 February 2016 - 11:54 AM

Is there some kind of tool, similar to task manager, that can see which processes take up memory, specifically physical memory.


Something like Process Hacker or Process Explorer might fit your needs.

Other than that, your logs are clean :) If you still have issues about RAM and CPU usage, I suggest you to visit the Windows 7 section and ask about it there.

Now let's remove the tools you downloaded to run the scans, and reset a few settings.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentionned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
Qt25440.pngTips, tricks, advices and recommendations

Now it's time to give you some tips, tricks, advices and recommendations on how to protect your system and prevents you from being infected in the future. This is where I'll explain you basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in that speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first step in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is also another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take over it. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vector to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eLDnJfI.pngSecuniaPSI and dqVs5wj.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here's a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

AntivirusAntimalwareFirewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • 7p3JzTS.pngGlassWire - Have both a free and paid version (with different packages);
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall;
  • 5RXGshU.pngTinyWall - Light-weight firewall implemented the Windows Firewall and giving you more control over it;
Anti-Exploit/Anti-RansomwareWeb Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware go through to infect a system, and therefore it should be the program(s) you want to secure the most. There's two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here's a few extensions that I recommend you to install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browsers);
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here's a few:As you can see, there's plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here's a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :gRvSooB.pngThe End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on BleepingComputer and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread? :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 belthagor

belthagor
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 29 February 2016 - 07:14 PM

 

Do you have any questions before I close this thread? :)

 

 

Thank you for your help.

 

One last question. Are you sure it is a good idea to keep all of my programs updated? Because when I update some things, there are major problems in the new versions. Firefox has had a memory leak for a long time, for example. Antivirus, and security updates are obviously required, but I feel that a lot of things might be harmful to my system, from previous experience.



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:26 PM

Posted 29 February 2016 - 09:47 PM

Are you sure it is a good idea to keep all of my programs updated? Because when I update some things, there are major problems in the new versions. Firefox has had a memory leak for a long time, for example.


Yes it is a good idea, every IT Professional will tell you so. Web browsers even more, because like I said, web browsers most often are the main door between your system and an infection, so you don't want to be running an outdated web browser that can be exploited. These are updated often and they always contain security fix.
 

Antivirus, and security updates are obviously required, but I feel that a lot of things might be harmful to my system, from previous experience.


You are more at risk of being infected when running outdated software, than running up-to-date software. And being infected is way more harmful to your system than dealing with a program that can have a memory leak. If a program doesn't fit your needs, you change it, there's lots of alternatives for every of them :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 belthagor

belthagor
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 01 March 2016 - 11:22 AM

 

Are you sure it is a good idea to keep all of my programs updated? Because when I update some things, there are major problems in the new versions. Firefox has had a memory leak for a long time, for example.


Yes it is a good idea, every IT Professional will tell you so. Web browsers even more, because like I said, web browsers most often are the main door between your system and an infection, so you don't want to be running an outdated web browser that can be exploited. These are updated often and they always contain security fix.
 

Antivirus, and security updates are obviously required, but I feel that a lot of things might be harmful to my system, from previous experience.


You are more at risk of being infected when running outdated software, than running up-to-date software. And being infected is way more harmful to your system than dealing with a program that can have a memory leak. If a program doesn't fit your needs, you change it, there's lots of alternatives for every of them :)

 

Alright,

 

I still have high memory usage, but I'm glad you showed me useful tools, most of which I didn't even know about before.

 

I'll check out windows 7 section, feel free to close this.

 

Thanks for your help!



#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:26 PM

Posted 01 March 2016 - 11:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users