
Virus and unauthorized access possibly via Teamviewer and Anydesk


  • This topic is locked
7 replies to this topic

#1 JTSnow


Posted 23 May 2016 - 10:33 PM

I recently upgraded to Windows 10. It did not go smoothly, probably due to the fact that I have not done a clean OS install for 5 years or more, which resulted in me having to do a clean install after the upgrade. I have been slowly restoring old software from my previous install and made some bad decisions on some downloads today, and because of this I am certain I had a virus and an unauthorized access of my PC.
 
I left the computer for about an hour during dinner and when I came back the session of Google Chrome I had opened was closed, all of my desktop icons had shifted around to the left side of the screen and I had an open window for a program called “Teamviewer” on my screen. I did not install this program and after checking logs there was nothing showing its installation. (It appears it was a “portable” version of this program which I quickly deleted.) I immediately ran a quick scan with my antivirus program and it found and removed a couple items that were downloaded within the past few hours. I immediately came here after that and started working through some of your tutorials on virus scan and removal. Malwarebytes found 1 more item but since then no positives.
 
After the initial scan I started looking into other changes and noticed that my browser history had several searches on Ebay and visits to Paypal (all for expensive items obviously) during the time I was away from the computer. (No one else in the home had accessed the computer during this time either.) I checked Ebay and Paypal from my phone and there were no unauthorized charges or orders, and I checked bank accounts (most of which I have enabled 2 factor authentication already) and they are ok so far too. I also found a file in one of my temp folders called “dofoauthis.exe” which appears to be a renaming of Anydesk by Philandro Software, another remote access program that was installed at the same time as the other viruses. According to the Farbar Recovery Scan Tool there are some firewall whitelist rules created for that program, “dofoauthis.exe”, in the registry which I am unsure of how to remove even after deleting the file. Currently I have McAfee running a full system scan but it will likely take a while to complete.
 
I will be contacting Ebay shortly to forward them the auctions that were visited by the person who gained access to my computer in the likely chance there were fraudulent charges made to the vendors of the items.
 
Needless to say I am a little rattled by this and would like help in verifying that my system is clean after the previous incident.  Thanks in advance.
 
------------------------------------------
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-05-2016
Ran by Lazarus (administrator) on ZION (23-05-2016 22:59:51)
Running from C:\Users\Lazarus\Desktop
Loaded Profiles: Lazarus (Available Profiles: Lazarus)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\pia_manager\pia_manager.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Valve Corporation) W:\Program Files\Steam\Steam.exe
(Flux Software LLC) C:\Users\Lazarus\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) W:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(hxxp://www.ruby-lang.org/) C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9234848 2016-01-06] (Emsisoft Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-3875056975-3876241670-1242926050-1001\...\Run: [Steam] => W:\Program Files\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-3875056975-3876241670-1242926050-1001\...\Run: [f.lux] => C:\Users\Lazarus\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3875056975-3876241670-1242926050-1001\...\RunOnce: [Uninstall C:\Users\Lazarus\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lazarus\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
Startup: C:\Users\Lazarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2016-05-11]
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{148ffa95-89aa-4751-ab9d-721ca5d32e99}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{a80bdb07-611b-4151-ba6e-0edf1a0a7697}: [NameServer] 209.222.18.222,209.222.18.218
Tcpip\..\Interfaces\{a80bdb07-611b-4151-ba6e-0edf1a0a7697}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3875056975-3876241670-1242926050-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3875056975-3876241670-1242926050-1001 -> DefaultScope {9DB0D604-F694-46CA-A70B-E9D6883DC363} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-05-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-05-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-05-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-05-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-04-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-04-28] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-23] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF SearchPlugin: C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\searchplugins\McSiteAdvisor.xml [2016-05-23]
FF Extension: TinEye Reverse Image Search - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\tineye@ideeinc.com.xpi [2015-09-29]
FF Extension: Tab Mix Plus - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-03-10]
FF Extension: NoScript - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-12]
FF Extension: DownThemAll! - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-17]
FF Extension: Elite Proxy Switcher - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\eliteproxyswitcher@my-proxy.com.xpi [2016-04-28]
FF Extension: Google Translator for Firefox - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\translator@zoli.bod.xpi [2016-04-28]
FF Extension: Search By Image (by Google) - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2016-04-28]
FF Extension: Greasemonkey - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-28]
FF Extension: NetVideoHunter - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\netvideohunter@netvideohunter.com [2016-05-11]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\artur.dubovoy@gmail.com [2016-05-17]
FF Extension: ImageHost Grabber - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2016-05-17] [not signed]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-19]
FF Extension: flickr original - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\flickr@jzlabs.com.xpi [2016-04-27]
FF Extension: NASA Night Launch - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\nasanightlaunch@example.com.xpi [2016-04-04]
FF Extension: Personas Plus - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\personas@christopher.beard.xpi [2016-04-27]
FF Extension: Premium Proxy Switcher - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\premiumproxyswitcher@freeproxylist.org [2016-05-11] [not signed]
FF Extension: BlackFox V2 - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\zigboom@hotmail.com [2016-05-11]
FF Extension: McAfee SafeKey - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2016-05-11] [not signed]
FF Extension: Session Manager - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-19]
FF Extension: CacheViewer Continued - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2013-10-05] [not signed]
FF Extension: Download Status Bar - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-03-12]
FF Extension: Adblock Plus - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Link in neuem stillem Tab öffnen - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\{d4c46ca0-999d-11da-a72b-0800200c9a66}.xpi [2016-04-28]
FF Extension: User Agent Switcher - C:\Users\Lazarus\AppData\Roaming\Mozilla\Firefox\Profiles\mb9ifeiv.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-05-23] [not signed]
StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=756901&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-05-11]
CHR Extension: (The Great Suspender) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-05-11]
CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR Profile: C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (McAfee SafeKey) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2016-05-11]
CHR Extension: (SiteAdvisor) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-12]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10900888 2016-01-06] (Emsisoft Ltd)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-30] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-11] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-05-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-04-28] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c65x64.sys [471528 2015-11-12] (Intel Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [194320 2015-10-15] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-23 22:59 - 2016-05-23 23:00 - 00026800 _____ C:\Users\Lazarus\Desktop\FRST.txt
2016-05-23 22:45 - 2016-05-23 22:59 - 00000000 ____D C:\FRST
2016-05-23 22:45 - 2016-05-23 22:45 - 02383360 _____ (Farbar) C:\Users\Lazarus\Desktop\FRST64.exe
2016-05-23 22:01 - 2016-05-23 22:01 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-23 21:55 - 2016-05-23 21:55 - 00000937 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-05-23 21:55 - 2016-05-23 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-05-23 21:54 - 2016-05-23 22:46 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-05-23 20:08 - 2016-05-23 20:08 - 00291606 _____ C:\Users\Lazarus\Desktop\TCPView.zip
2016-05-23 20:08 - 2016-05-23 20:08 - 00000000 ____D C:\Users\Lazarus\Desktop\TCPView
2016-05-23 20:06 - 2016-05-23 20:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-23 20:06 - 2016-05-23 20:06 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-23 20:06 - 2016-05-23 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-23 20:06 - 2016-05-23 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-23 20:06 - 2016-05-23 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-23 20:06 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-23 20:06 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-23 20:06 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-23 20:02 - 2016-05-23 20:02 - 00000000 ____D C:\ProgramData\AMD
2016-05-23 19:56 - 2016-05-23 19:56 - 00000000 ____D C:\Windows\system32\appmgmt
2016-05-23 19:02 - 2016-05-23 19:02 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\TeamViewer
2016-05-23 18:57 - 2016-05-23 18:57 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\AnyDesk
2016-05-23 12:46 - 2016-05-23 12:46 - 00004208 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-05-23 12:17 - 2016-05-23 20:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-23 11:49 - 2016-05-23 11:49 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-05-23 11:49 - 2016-05-23 11:49 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-05-23 11:49 - 2016-05-23 11:49 - 00000000 ____D C:\Windows\en
2016-05-23 11:49 - 2016-05-23 11:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-05-23 11:48 - 2016-05-23 11:50 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Windows Live
2016-05-23 11:31 - 2016-05-23 11:31 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-23 11:30 - 2016-05-23 11:31 - 00000000 ____D C:\ProgramData\Isolated Storage
2016-05-23 11:30 - 2016-05-23 11:30 - 00325102 _____ C:\Windows\gdp32.exe
2016-05-23 11:30 - 2016-05-23 11:30 - 00003400 _____ C:\Windows\System32\Tasks\SessionAgent
2016-05-23 11:28 - 2016-05-23 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-05-23 11:28 - 2016-05-23 11:28 - 00000000 ____D C:\Program Files\7-Zip
2016-05-23 11:14 - 2016-05-23 11:35 - 00008167 _____ C:\Users\Lazarus\Documents\starburn.txt
2016-05-23 11:14 - 2016-05-23 11:14 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Wondershare
2016-05-23 11:14 - 2016-05-23 11:14 - 00000000 ____D C:\ProgramData\Wondershare
2016-05-23 11:13 - 2016-05-23 11:20 - 00000000 ____D C:\Users\Lazarus\Documents\Wondershare Filmora
2016-05-23 11:12 - 2016-05-23 11:13 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-05-23 11:01 - 2016-05-23 11:55 - 00000000 ____D C:\Users\Lazarus\Desktop\Accident
2016-05-20 12:37 - 2016-05-20 12:37 - 00000000 ____D C:\Program Files\Intel
2016-05-20 12:37 - 2016-02-19 20:01 - 00404024 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2016-05-20 12:37 - 2016-02-19 20:01 - 00001904 ____N C:\Windows\system32\SetupBD.din
2016-05-18 21:19 - 2016-05-23 12:17 - 00000000 ____D C:\Users\Lazarus\AppData\LocalLow\Adobe
2016-05-18 18:15 - 2016-05-18 18:15 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Skyrim
2016-05-18 18:14 - 2016-05-18 18:14 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-05-18 18:14 - 2016-05-18 18:14 - 00000000 ____D C:\Program Files\MSBuild
2016-05-18 18:14 - 2016-05-18 18:14 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-05-18 18:14 - 2016-05-18 18:14 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-05-18 18:14 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2016-05-18 18:14 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-05-18 18:14 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-05-18 18:14 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2016-05-18 18:14 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-05-18 18:14 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-05-18 18:08 - 2016-05-18 18:08 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Fallout4
2016-05-18 18:08 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-05-18 18:08 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-05-18 18:08 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-05-18 18:08 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-05-18 18:08 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-05-18 18:08 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-05-18 18:08 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-05-18 18:08 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-05-18 18:08 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-05-18 18:08 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-05-18 18:08 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-05-18 18:08 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-05-18 18:08 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-05-18 18:08 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-05-18 18:08 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-05-18 18:08 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-05-18 18:08 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-05-18 18:08 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-05-18 18:08 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-05-18 18:08 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-05-18 18:08 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-05-18 18:08 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-05-18 18:08 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-05-18 18:08 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-05-18 18:08 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-05-18 18:08 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-05-18 18:08 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-05-18 18:08 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-05-18 18:08 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-05-18 18:08 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-05-18 18:08 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-05-18 18:08 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-05-18 18:08 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-05-18 18:08 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-05-18 18:08 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-05-18 18:08 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-05-18 18:08 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-05-18 18:08 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-05-18 18:08 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-05-18 18:08 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-05-18 18:08 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-05-18 18:08 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-05-18 18:08 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-05-18 18:08 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-05-18 18:08 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-05-18 18:08 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-05-18 18:08 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-05-18 18:08 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-05-18 18:08 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-05-18 18:08 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-05-18 18:08 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-05-18 18:08 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-05-18 18:08 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-05-18 18:08 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-05-18 18:08 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-05-18 18:08 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-05-18 18:08 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-05-18 18:08 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-05-18 18:08 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-05-18 18:08 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-05-18 18:08 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-05-18 18:08 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-05-18 18:08 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-05-18 18:08 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-05-18 18:08 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-05-18 18:08 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-05-18 18:08 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-05-18 18:08 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-05-18 18:08 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-05-18 18:08 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-05-18 18:08 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-05-18 18:08 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-05-18 18:08 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-05-18 18:08 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-05-18 18:08 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-05-18 18:08 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-05-18 18:08 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-05-18 18:08 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-05-18 18:08 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-05-18 18:08 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-05-18 18:08 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-05-18 18:08 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-05-18 18:08 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-05-18 18:08 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-05-18 18:08 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-05-18 18:08 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-05-18 18:08 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-05-18 18:08 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-05-18 18:08 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-05-18 18:08 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-05-18 18:08 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-05-18 18:08 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-05-18 18:08 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-05-18 18:08 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-05-18 18:08 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-05-18 18:08 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-05-18 18:08 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-05-18 18:08 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-05-18 18:08 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-05-18 18:08 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-05-18 18:08 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-05-18 18:08 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-05-18 18:08 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-05-18 18:08 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-05-18 18:08 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-05-18 18:08 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-05-18 18:08 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-05-18 18:08 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-05-18 18:08 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-05-18 18:08 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-05-18 18:08 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-05-18 18:08 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-05-18 18:08 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-05-18 18:08 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-05-18 18:08 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-05-18 18:08 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-05-18 18:08 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-05-18 18:08 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-05-18 18:08 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-05-18 18:08 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-05-18 18:08 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-05-18 18:08 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-05-18 18:08 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-05-18 18:08 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-05-18 18:08 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-05-18 18:08 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-05-18 18:08 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-05-18 18:08 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-05-18 18:08 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-05-18 18:08 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-05-18 18:08 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-05-18 18:08 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-05-18 18:08 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-05-18 18:08 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-05-18 18:08 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-05-18 18:08 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-05-18 18:08 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-05-18 18:08 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-05-18 18:08 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-05-18 18:08 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-05-18 18:08 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-05-18 18:08 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-05-18 18:08 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-05-18 18:08 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-05-18 18:08 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-05-18 18:08 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-05-18 18:08 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-05-18 18:08 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-05-18 18:08 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-05-18 18:08 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-05-18 18:08 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-05-18 18:08 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-05-18 18:08 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-05-18 18:08 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-05-18 18:08 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-05-18 18:08 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-05-18 18:08 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-05-18 18:08 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-05-18 18:08 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-05-18 18:08 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-05-18 18:08 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-05-18 18:08 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-05-18 18:08 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-05-18 18:08 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-05-18 15:13 - 2016-05-18 15:13 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-05-18 15:13 - 2016-05-18 15:13 - 00000000 ____D C:\Users\Lazarus\AppData\Local\FluxSoftware
2016-05-16 22:40 - 2016-05-21 22:43 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Twine
2016-05-16 22:40 - 2016-05-16 22:40 - 00000000 ____D C:\Users\Lazarus\Documents\Twine
2016-05-12 12:34 - 2016-05-12 12:34 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-05-12 08:59 - 2016-05-12 08:59 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-05-12 08:59 - 2016-05-12 08:59 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-05-11 21:55 - 2016-05-11 21:55 - 00000000 ____D C:\Users\Lazarus\Documents\Diablo III
2016-05-11 21:39 - 2016-03-24 13:13 - 00000984 _____ C:\Users\Lazarus\Desktop\skyrim.txt
2016-05-11 21:39 - 2016-03-17 01:38 - 00028445 _____ C:\Users\Lazarus\Desktop\temp.txt
2016-05-11 21:39 - 2015-12-26 15:19 - 00001101 _____ C:\Users\Lazarus\Desktop\books.txt
2016-05-11 21:39 - 2015-10-17 19:07 - 00000342 _____ C:\Users\Lazarus\Desktop\Dimensions.txt
2016-05-11 21:39 - 2014-09-23 22:54 - 00000683 _____ C:\Users\Lazarus\Desktop\Pictures - Shortcut.lnk
2016-05-11 21:37 - 2015-12-20 16:40 - 00681634 _____ C:\Users\Lazarus\Desktop\identify_that_rock_for_beginners_shelby_raymond_rev7-18-09.pdf
2016-05-11 21:37 - 2015-12-20 16:32 - 00815679 _____ C:\Users\Lazarus\Desktop\rock_tumbling_tutorial_for_beginners_rev7-18-09.pdf
2016-05-11 21:37 - 2015-11-30 18:15 - 82692146 _____ C:\Users\Lazarus\Desktop\Fallout 4 Vault Dweller's Survival Guide - ( Split - Printable ).pdf
2016-05-11 21:37 - 2015-11-16 21:16 - 00195199 _____ C:\Users\Lazarus\Desktop\EligibilityNotice (3).pdf
2016-05-11 21:37 - 2015-11-16 21:05 - 00193997 _____ C:\Users\Lazarus\Desktop\EligibilityNotice (2).pdf
2016-05-11 21:37 - 2015-11-16 21:05 - 00184707 _____ C:\Users\Lazarus\Desktop\EligibilityNotice (1).pdf
2016-05-11 21:37 - 2015-11-16 21:01 - 00193997 _____ C:\Users\Lazarus\Desktop\EligibilityNotice.pdf
2016-05-11 21:37 - 2014-06-13 22:49 - 08344179 _____ C:\Users\Lazarus\Desktop\Sled Driver.pdf
2016-05-11 21:37 - 2012-09-12 19:04 - 19351980 _____ C:\Users\Lazarus\Desktop\How an Economy Grows and Why It Crashes 2010.pdf
2016-05-11 21:36 - 2014-12-09 11:50 - 81494235 _____ C:\Users\Lazarus\Desktop\jesse-final-1.mp4
2016-05-11 21:35 - 2016-05-23 22:56 - 00000000 ____D C:\Users\Lazarus\Desktop\Resumes
2016-05-11 21:31 - 2016-05-23 20:00 - 00136192 ___SH C:\Users\Lazarus\Desktop\Thumbs.db
2016-05-11 21:28 - 2016-05-18 21:12 - 00000000 ____D C:\Users\Lazarus\Desktop\Photography
2016-05-11 21:28 - 2016-05-11 21:28 - 00000000 ____D C:\Users\Lazarus\Desktop\DownloadTumblrV1.2
2016-05-11 21:27 - 2016-05-23 22:56 - 00000000 ____D C:\Users\Lazarus\Desktop\Camaro
2016-05-11 21:27 - 2016-05-23 22:55 - 00000000 ____D C:\Users\Lazarus\Desktop\Utilities
2016-05-11 21:27 - 2016-05-23 22:55 - 00000000 ____D C:\Users\Lazarus\Desktop\Music Playlist
2016-05-11 21:27 - 2016-05-11 21:27 - 00000000 ____D C:\Users\Lazarus\Desktop\Reloading
2016-05-11 21:19 - 2016-05-23 17:00 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Battle.net
2016-05-11 21:19 - 2016-05-16 21:32 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Battle.net
2016-05-11 21:19 - 2016-05-11 21:19 - 00000697 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-05-11 21:19 - 2016-05-11 21:19 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Blizzard Entertainment
2016-05-11 21:19 - 2016-05-11 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-05-11 21:19 - 2016-05-11 21:19 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-05-11 21:18 - 2016-05-16 21:32 - 00000000 ____D C:\ProgramData\Battle.net
2016-05-11 21:13 - 2016-05-11 21:18 - 03219440 _____ (Blizzard Entertainment) C:\Users\Lazarus\Desktop\Diablo-III-Setup.exe
2016-05-11 21:09 - 2016-05-11 21:09 - 00000909 _____ C:\Users\Lazarus\Desktop\Adobe Photoshop CC 2015.lnk
2016-05-11 21:03 - 2016-05-12 09:14 - 00002816 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ZION-Lazarus
2016-05-11 21:02 - 2016-05-11 21:02 - 00000909 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-05-11 21:02 - 2016-05-11 21:02 - 00000000 ____D C:\Users\Lazarus\Documents\Adobe
2016-05-11 20:54 - 2016-05-11 20:54 - 00000000 ____D C:\Users\Lazarus\Documents\Dungeon of the Endless
2016-05-11 20:46 - 2016-05-11 20:54 - 00000000 ____D C:\Users\Lazarus\Documents\My games
2016-05-11 20:45 - 2016-05-11 20:45 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Steam
2016-05-11 20:45 - 2016-05-11 20:45 - 00000000 ____D C:\Users\Lazarus\AppData\Local\CEF
2016-05-11 20:44 - 2016-05-11 20:44 - 00000696 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-11 20:44 - 2016-05-11 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-11 15:57 - 2016-05-11 15:57 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-05-11 15:57 - 2016-05-11 15:57 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Sun
2016-05-11 15:57 - 2016-05-11 15:57 - 00000000 ____D C:\Users\Lazarus\AppData\LocalLow\Sun
2016-05-11 15:57 - 2016-05-11 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-11 15:56 - 2016-05-11 15:57 - 00000000 ____D C:\ProgramData\Oracle
2016-05-11 15:56 - 2016-05-11 15:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-11 15:55 - 2016-05-11 15:55 - 00000000 ____D C:\Users\Lazarus\AppData\LocalLow\Oracle
2016-05-11 14:44 - 2016-05-11 14:44 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-05-11 14:44 - 2016-05-11 14:44 - 00000000 ____D C:\Windows\PCHEALTH
2016-05-11 14:44 - 2016-05-11 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-05-11 14:42 - 2016-05-11 14:42 - 00000000 ____D C:\Program Files\Microsoft Office
2016-05-11 14:42 - 2016-05-11 14:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-05-11 14:41 - 2016-05-19 11:18 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Microsoft Help
2016-05-11 14:41 - 2016-05-11 14:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-11 14:41 - 2016-05-11 14:41 - 00000000 __RHD C:\MSOCache
2016-05-11 14:27 - 2016-05-11 14:27 - 00000861 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-11 14:27 - 2016-05-11 14:27 - 00000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-11 13:56 - 2016-05-11 14:29 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Mozilla
2016-05-11 13:56 - 2016-05-11 13:57 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Mozilla
2016-05-11 13:35 - 2016-05-23 22:10 - 00000000 ___RD C:\Users\Lazarus\Dropbox
2016-05-11 13:35 - 2016-05-11 13:35 - 00001303 _____ C:\Users\Lazarus\Desktop\Dropbox.lnk
2016-05-11 13:33 - 2016-05-23 22:38 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-11 13:33 - 2016-05-23 20:00 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-11 13:33 - 2016-05-11 13:35 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Dropbox
2016-05-11 13:33 - 2016-05-11 13:34 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-11 13:33 - 2016-05-11 13:33 - 00003980 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-05-11 13:33 - 2016-05-11 13:33 - 00003748 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-05-11 13:33 - 2016-05-11 13:33 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Dropbox
2016-05-11 13:33 - 2016-05-11 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 13:33 - 2016-05-11 13:33 - 00000000 ____D C:\ProgramData\Dropbox
2016-05-11 13:17 - 2016-05-23 22:08 - 00000000 ____D C:\Users\Lazarus\AppData\Local\PasswordSafe
2016-05-11 13:17 - 2016-05-11 13:37 - 00000000 ____D C:\Users\Lazarus\Documents\My Safes
2016-05-11 13:16 - 2016-05-11 13:24 - 00000000 ____D C:\Program Files (x86)\Password Safe
2016-05-11 13:16 - 2016-05-11 13:16 - 00001103 _____ C:\Users\Lazarus\Desktop\Password Safe.lnk
2016-05-11 13:16 - 2016-05-11 13:16 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
2016-05-11 12:36 - 2016-05-11 21:25 - 00000005 _____ C:\Users\Lazarus\Desktop\to do.txt
2016-05-11 11:45 - 2016-05-11 11:45 - 00008192 __RSH C:\BOOTSECT.BAK
2016-05-11 11:45 - 2016-05-11 10:49 - 00000000 ____D C:\Windows\Panther
2016-05-11 11:37 - 2016-05-11 11:37 - 00000772 _____ C:\Users\Public\Desktop\Vuze.lnk
2016-05-11 11:37 - 2016-05-11 11:37 - 00000772 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-05-11 11:37 - 2016-05-11 11:37 - 00000000 ____D C:\Users\Lazarus\.swt
2016-05-11 11:33 - 2016-05-23 16:40 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Azureus
2016-05-11 11:33 - 2016-05-11 11:33 - 00000000 ____D C:\Users\Lazarus\Documents\Vuze Downloads
2016-05-11 11:32 - 2016-05-11 15:57 - 00000000 ____D C:\Users\Lazarus\.oracle_jre_usage
2016-05-11 11:20 - 2016-05-11 11:20 - 00000434 __RSH C:\ProgramData\ntuser.pol
2016-05-11 10:55 - 2016-05-11 10:55 - 00000000 ____D C:\Users\Lazarus\AppData\Local\PeerDistRepub
2016-05-11 10:53 - 2016-05-11 10:54 - 00000000 ____D C:\Program Files\pia_manager
2016-05-11 10:53 - 2016-05-11 10:53 - 00027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-05-11 10:53 - 2016-05-11 10:53 - 00003252 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2016-05-11 10:53 - 2016-05-11 10:53 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Titanium
2016-05-11 10:53 - 2016-05-11 10:53 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2016-05-11 10:53 - 2016-05-11 10:53 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Apple Computer
2016-05-11 10:53 - 2016-05-11 10:53 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Apple Computer
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Default\My Documents
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-05-11 10:52 - 2016-05-11 10:52 - 00000000 _SHDL C:\Documents and Settings
2016-05-11 10:48 - 2016-05-11 10:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-05-11 10:12 - 2016-05-11 10:12 - 00000869 _____ C:\Users\Lazarus\Desktop\Adobe Lightroom.lnk
2016-05-11 10:12 - 2016-05-11 10:12 - 00000869 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2016-05-11 10:11 - 2016-05-11 21:00 - 00001619 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-11 10:11 - 2016-05-11 21:00 - 00001607 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-05-11 09:31 - 2016-05-11 21:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-05-11 09:22 - 2016-05-11 21:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-05-11 09:19 - 2016-05-23 20:00 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Adobe
2016-05-11 09:19 - 2016-05-23 12:19 - 00000000 ____D C:\ProgramData\Adobe
2016-05-11 08:52 - 2016-05-11 08:52 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Macromedia
2016-05-11 08:49 - 2016-05-11 08:49 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\ATI
2016-05-11 08:49 - 2016-05-11 08:49 - 00000000 ____D C:\Users\Lazarus\AppData\Local\ATI
2016-05-11 08:49 - 2016-05-11 08:49 - 00000000 ____D C:\ProgramData\ATI
2016-05-11 08:47 - 2016-05-11 08:47 - 00001993 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2016-05-11 08:47 - 2016-05-11 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-05-11 08:47 - 2016-02-24 21:07 - 00207968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2016-05-11 08:46 - 2016-05-23 20:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-11 08:46 - 2016-05-21 03:54 - 00003126 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-05-11 08:46 - 2016-05-21 03:54 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-05-11 08:46 - 2016-05-11 08:47 - 00000000 ____D C:\Program Files\McAfee
2016-05-11 08:46 - 2016-05-11 08:46 - 00000000 ____D C:\ProgramData\Intel Security
2016-05-11 08:46 - 2016-05-11 08:46 - 00000000 ____D C:\Program Files\McAfee.com
2016-05-11 08:46 - 2016-05-11 08:46 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-05-11 08:46 - 2016-05-11 08:46 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-11 08:44 - 2016-05-21 03:55 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-05-11 08:44 - 2016-05-16 19:42 - 00000000 ____D C:\ProgramData\McAfee
2016-05-11 08:44 - 2016-03-07 15:38 - 00277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-05-11 08:29 - 2016-05-23 22:49 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 08:29 - 2016-05-23 20:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 08:29 - 2016-05-16 00:29 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Google
2016-05-11 08:29 - 2016-05-12 21:51 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-11 08:29 - 2016-05-12 21:51 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-11 08:29 - 2016-05-11 08:44 - 00003974 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 08:29 - 2016-05-11 08:44 - 00003742 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 08:29 - 2016-05-11 08:29 - 00987728 _____ (Google Inc.) C:\Users\Lazarus\Downloads\ChromeSetup.exe
2016-05-11 08:29 - 2016-05-11 08:29 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-11 08:27 - 2016-05-11 08:27 - 00000000 ____D C:\Users\Lazarus\AppData\Local\MicrosoftEdge
2016-05-11 08:14 - 2011-03-28 01:27 - 00002052 _____ C:\Users\Lazarus\Desktop\Computer Management.lnk
2016-05-11 08:14 - 2008-04-22 06:02 - 00000134 _____ C:\Users\Lazarus\Desktop\Device Manager - Shortcut.lnk
2016-05-11 08:14 - 2008-04-22 05:59 - 00000146 _____ C:\Users\Lazarus\Desktop\Network Connections - Shortcut.lnk
2016-05-11 08:10 - 2016-05-11 08:10 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Comms
2016-05-11 08:02 - 2016-05-11 08:02 - 00001247 _____ C:\Users\Lazarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-05-11 08:02 - 2016-04-22 03:57 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-05-11 08:00 - 2016-05-11 08:01 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 08:00 - 2016-05-11 08:00 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 07:59 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdport.sys
2016-05-11 07:59 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-05-11 07:59 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-05-11 07:59 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2016-05-11 07:59 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2016-05-11 07:59 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-05-11 07:59 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2016-05-11 07:59 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-05-11 07:59 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-05-11 07:59 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-05-11 07:59 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-11 07:59 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-11 07:59 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-11 07:59 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-11 07:59 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-11 07:59 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-05-11 07:59 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-11 07:59 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-11 07:59 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 07:59 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 07:59 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 07:59 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 07:59 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 07:59 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 07:59 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-05-11 07:59 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-05-11 07:59 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2016-05-11 07:59 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-05-11 07:59 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 07:59 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-11 07:59 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-05-11 07:59 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2016-05-11 07:59 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-05-11 07:59 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-05-11 07:59 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-05-11 07:59 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2016-05-11 07:59 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-05-11 07:59 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-05-11 07:59 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-05-11 07:59 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2016-05-11 07:59 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufxsynopsys.sys
2016-05-11 07:59 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-05-11 07:59 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 07:59 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 07:59 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-05-11 07:59 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-11 07:59 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-11 07:59 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-05-11 07:59 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-11 07:59 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-05-11 07:59 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-05-11 07:59 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-05-11 07:59 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-05-11 07:59 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-05-11 07:59 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-05-11 07:59 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-11 07:59 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-05-11 07:59 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-05-11 07:59 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-05-11 07:59 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-05-11 07:59 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-05-11 07:59 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2016-05-11 07:59 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-05-11 07:59 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 07:59 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-05-11 07:59 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 07:59 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-05-11 07:59 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-05-11 07:59 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 07:59 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 07:59 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2016-05-11 07:59 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\Windows\system32\dwminit.dll
2016-05-11 07:59 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-05-11 07:59 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-05-11 07:59 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-05-11 07:59 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2016-05-11 07:59 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\hmkd.dll
2016-05-11 07:59 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-11 07:59 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\NFCProvisioningPlugin.dll
2016-05-11 07:59 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-05-11 07:59 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmCx.sys
2016-05-11 07:59 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\ByteCodeGenerator.exe
2016-05-11 07:59 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2016-05-11 07:59 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 07:59 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-05-11 07:59 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 07:59 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-05-11 07:59 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-05-11 07:59 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-05-11 07:59 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-05-11 07:59 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2016-05-11 07:59 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-05-11 07:59 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filecrypt.sys
2016-05-11 07:59 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-05-11 07:59 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-05-11 07:59 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hmkd.dll
2016-05-11 07:59 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ByteCodeGenerator.exe
2016-05-11 07:59 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-05-11 07:59 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-05-11 07:59 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 07:59 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-05-11 07:59 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-05-11 07:59 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-05-11 07:59 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-05-11 07:59 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-05-11 07:59 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2016-05-11 07:59 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-05-11 07:59 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-05-11 07:59 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-05-11 07:59 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-05-11 07:59 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-05-11 07:59 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2016-05-11 07:59 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-05-11 07:59 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-05-11 07:59 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-05-11 07:59 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-05-11 07:59 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2016-05-11 07:59 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2016-05-11 07:59 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-05-11 07:59 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2016-05-11 07:59 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 07:59 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-05-11 07:59 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-05-11 07:59 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2016-05-11 07:59 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\BrowserSettingSync.dll
2016-05-11 07:59 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-05-11 07:59 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-05-11 07:59 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-05-11 07:59 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-05-11 07:59 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 07:59 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-05-11 07:59 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 07:59 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-05-11 07:59 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-05-11 07:59 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-05-11 07:59 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2016-05-11 07:59 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2016-05-11 07:59 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-05-11 07:59 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-05-11 07:59 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-05-11 07:59 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-05-11 07:59 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 07:59 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-05-11 07:59 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-05-11 07:59 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2016-05-11 07:59 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BrowserSettingSync.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-05-11 07:59 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-05-11 07:59 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-05-11 07:59 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-05-11 07:59 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-05-11 07:59 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 07:59 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2016-05-11 07:59 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-05-11 07:59 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-11 07:59 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-05-11 07:59 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-05-11 07:59 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-05-11 07:59 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 07:59 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-05-11 07:59 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-11 07:59 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 07:59 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-05-11 07:59 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 07:59 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-05-11 07:59 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-05-11 07:59 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-05-11 07:59 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 07:59 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 07:59 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-05-11 07:59 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-05-11 07:59 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-05-11 07:59 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-05-11 07:59 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-05-11 07:59 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-11 07:59 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-05-11 07:59 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 07:59 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 07:59 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-05-11 07:59 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 07:59 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-05-11 07:59 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 07:59 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-05-11 07:59 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-05-11 07:59 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-05-11 07:59 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 07:59 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-11 07:59 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-05-11 07:59 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-05-11 07:59 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-05-11 07:59 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-05-11 07:59 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-05-11 07:59 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-05-11 07:59 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-05-11 07:59 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-05-11 07:59 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-05-11 07:59 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-05-11 07:59 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 07:59 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-05-11 07:59 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 07:59 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-11 07:59 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-05-11 07:59 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-05-11 07:59 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-05-11 07:59 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-05-11 07:59 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-05-11 07:59 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-05-11 07:59 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-05-11 07:59 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-05-11 07:59 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-05-11 07:59 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-05-11 07:59 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-11 07:59 - 2016-04-22 22:10 - 00002186 _____ C:\Windows\system32\AppxProvisioning.xml
2016-05-11 07:59 - 2016-04-18 18:30 - 00002186 _____ C:\Windows\SysWOW64\AppxProvisioning.xml
2016-05-11 07:59 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-05-11 07:59 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2016-05-11 07:59 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-05-11 07:59 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-05-11 07:59 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2016-05-11 07:59 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NotificationObjFactory.dll
2016-05-11 07:59 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-05-11 07:59 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-05-11 07:59 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-05-11 07:59 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-05-11 07:59 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 07:59 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-05-11 07:59 - 2016-03-29 06:20 - 02656952 _____ C:\Windows\system32\CoreUIComponents.dll
2016-05-11 07:59 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 07:59 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-05-11 07:59 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-05-11 07:59 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2016-05-11 07:59 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-05-11 07:59 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-05-11 07:59 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-05-11 07:59 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-05-11 07:59 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-05-11 07:59 - 2016-03-29 05:37 - 01862008 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-05-11 07:59 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-05-11 07:59 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-05-11 07:59 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-05-11 07:59 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-05-11 07:59 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-05-11 07:59 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-05-11 07:59 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-05-11 07:59 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2016-05-11 07:59 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2016-05-11 07:59 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2016-05-11 07:59 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 07:59 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2016-05-11 07:59 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2016-05-11 07:59 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-05-11 07:59 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-05-11 07:59 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-05-11 07:59 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-05-11 07:59 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2016-05-11 07:59 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2016-05-11 07:59 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 07:59 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2016-05-11 07:59 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-05-11 07:59 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys
2016-05-11 07:59 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2016-05-11 07:59 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2016-05-11 07:59 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2016-05-11 07:59 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2016-05-11 07:59 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-05-11 07:59 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\oleacchooks.dll
2016-05-11 07:59 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-05-11 07:59 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-05-11 07:59 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2016-05-11 07:59 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2016-05-11 07:59 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2016-05-11 07:59 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-05-11 07:59 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 07:59 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-05-11 07:59 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-11 07:59 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2016-05-11 07:59 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-05-11 07:59 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2016-05-11 07:59 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-05-11 07:59 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2016-05-11 07:59 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2016-05-11 07:59 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-05-11 07:59 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2016-05-11 07:59 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-05-11 07:59 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-05-11 07:59 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2016-05-11 07:59 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2016-05-11 07:59 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-05-11 07:59 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2016-05-11 07:59 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-05-11 07:59 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2016-05-11 07:59 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2016-05-11 07:59 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-05-11 07:59 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-05-11 07:59 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-05-11 07:59 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2016-05-11 07:59 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2016-05-11 07:59 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-05-11 07:59 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-05-11 07:59 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-05-11 07:59 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-05-11 07:59 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-05-11 07:59 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-05-11 07:59 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-05-11 07:59 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-05-11 07:59 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2016-05-11 07:59 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-05-11 07:59 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll
2016-05-11 07:59 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-11 07:59 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-05-11 07:59 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2016-05-11 07:59 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.V2.dll
2016-05-11 07:59 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2016-05-11 07:59 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-05-11 07:59 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-05-11 07:59 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacchooks.dll
2016-05-11 07:59 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-05-11 07:59 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-05-11 07:59 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-05-11 07:59 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-05-11 07:59 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-05-11 07:59 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-05-11 07:59 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-05-11 07:59 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-05-11 07:59 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 07:59 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-05-11 07:59 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-05-11 07:59 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-05-11 07:59 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2016-05-11 07:59 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-05-11 07:59 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2016-05-11 07:59 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-05-11 07:59 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-05-11 07:59 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-05-11 07:59 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-05-11 07:59 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-05-11 07:59 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2016-05-11 07:59 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-05-11 07:59 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
2016-05-11 07:59 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
2016-05-11 07:59 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-05-11 07:59 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-05-11 07:59 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2016-05-11 07:59 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-05-11 07:59 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-05-11 07:59 - 2016-03-29 03:00 - 00235008 _____ C:\Windows\system32\MTF.dll
2016-05-11 07:59 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-05-11 07:59 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-05-11 07:59 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-11 07:59 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-05-11 07:59 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-05-11 07:59 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-05-11 07:59 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-05-11 07:59 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-05-11 07:59 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2016-05-11 07:59 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2016-05-11 07:59 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2016-05-11 07:59 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-05-11 07:59 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AccountsRt.dll
2016-05-11 07:59 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-05-11 07:59 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-11 07:59 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2016-05-11 07:59 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-05-11 07:59 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-05-11 07:59 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-05-11 07:59 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-05-11 07:59 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-05-11 07:59 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-05-11 07:59 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-05-11 07:59 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-05-11 07:59 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-05-11 07:59 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-05-11 07:59 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-05-11 07:59 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-05-11 07:59 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-05-11 07:59 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-05-11 07:59 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-05-11 07:59 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2016-05-11 07:59 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-05-11 07:59 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-05-11 07:59 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-05-11 07:59 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-05-11 07:59 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-05-11 07:59 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2016-05-11 07:59 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-05-11 07:59 - 2016-03-29 02:27 - 00162816 _____ C:\Windows\SysWOW64\MTF.dll
2016-05-11 07:59 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-05-11 07:59 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-05-11 07:59 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 07:59 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2016-05-11 07:59 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-05-11 07:59 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-11 07:59 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2016-05-11 07:59 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2016-05-11 07:59 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-05-11 07:59 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-05-11 07:59 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 07:59 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-05-11 07:59 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-05-11 07:59 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-05-11 07:59 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 07:59 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-05-11 07:59 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-05-11 07:59 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-05-11 07:59 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2016-05-11 07:59 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-05-11 07:59 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2016-05-11 07:59 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-05-11 07:59 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-05-11 07:59 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2016-05-11 07:59 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-05-11 07:59 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-05-11 07:59 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2016-05-11 07:59 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-05-11 07:59 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2016-05-11 07:59 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-05-11 07:59 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-05-11 07:59 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-05-11 07:59 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-05-11 07:59 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-05-11 07:59 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-05-11 07:59 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-05-11 07:59 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-05-11 07:59 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-11 07:59 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-05-11 07:59 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-05-11 07:59 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-05-11 07:59 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-05-11 07:59 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-05-11 07:59 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-05-11 07:59 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-05-11 07:59 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-05-11 07:59 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-05-11 07:59 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTypeHelperUtil.dll
2016-05-11 07:59 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\ExtrasXmlParser.dll
2016-05-11 07:59 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-05-11 07:59 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\UserDataLanguageUtil.dll
2016-05-11 07:59 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
2016-05-11 07:59 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-05-11 07:59 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-05-11 07:59 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-05-11 07:59 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-05-11 07:59 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\POSyncServices.dll
2016-05-11 07:59 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-05-11 07:59 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataPlatformHelperUtil.dll
2016-05-11 07:59 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2016-05-11 07:59 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2016-05-11 07:59 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2016-05-11 07:59 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-05-11 07:59 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\ExSMime.dll
2016-05-11 07:59 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2016-05-11 07:59 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\cemapi.dll
2016-05-11 07:59 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2016-05-11 07:59 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2016-05-11 07:59 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2016-05-11 07:59 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2016-05-11 07:59 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-05-11 07:59 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-05-11 07:59 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2016-05-11 07:59 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-05-11 07:59 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-05-11 07:59 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-05-11 07:59 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-05-11 07:59 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-05-11 07:59 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-05-11 07:59 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-05-11 07:59 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-05-11 07:59 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2016-05-11 07:59 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll
2016-05-11 07:59 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-05-11 07:59 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2016-05-11 07:59 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-05-11 07:59 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll
2016-05-11 07:59 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-05-11 07:59 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll
2016-05-11 07:59 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-05-11 07:59 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2016-05-11 07:59 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-05-11 07:59 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-05-11 07:59 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-05-11 07:59 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-05-11 07:59 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll
2016-05-11 07:59 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-05-11 07:59 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-05-11 07:59 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-05-11 07:59 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-05-11 07:59 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll
2016-05-11 07:59 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2016-05-11 07:59 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2016-05-11 07:59 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-05-11 07:59 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-05-11 07:59 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2016-05-11 07:59 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2016-05-11 07:59 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll
2016-05-11 07:59 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-05-11 07:59 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-05-11 07:59 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2016-05-11 07:59 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-05-11 07:59 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-05-11 07:59 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-05-11 07:59 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-05-11 07:59 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-05-11 07:59 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-05-11 07:59 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-05-11 07:59 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-05-11 07:59 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-05-11 07:59 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-05-11 07:59 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-05-11 07:59 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-05-11 07:59 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-05-11 07:59 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-05-11 07:59 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-05-11 07:59 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-05-11 07:59 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-05-11 07:59 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-05-11 07:59 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2016-05-11 07:59 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-05-11 07:59 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2016-05-11 07:59 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-05-11 07:59 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-05-11 07:59 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2016-05-11 07:59 - 2016-02-23 07:15 - 00779384 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2016-05-11 07:59 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-05-11 07:59 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-05-11 07:59 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2016-05-11 07:59 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-05-11 07:59 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2016-05-11 07:59 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-05-11 07:59 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-05-11 07:59 - 2016-02-23 06:31 - 00476728 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2016-05-11 07:59 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-05-11 07:59 - 2016-02-23 06:22 - 00572272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2016-05-11 07:59 - 2016-02-23 06:17 - 00146272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 07:59 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-05-11 07:59 - 2016-02-23 05:40 - 00430944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 07:59 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-05-11 07:59 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-05-11 07:59 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2016-05-11 07:59 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2016-05-11 07:59 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-05-11 07:59 - 2016-02-23 05:38 - 00420928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2016-05-11 07:59 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2016-05-11 07:59 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
2016-05-11 07:59 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\XblGameSave.dll
2016-05-11 07:59 - 2016-02-23 05:20 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys
2016-05-11 07:59 - 2016-02-23 05:12 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\provpackageapidll.dll
2016-05-11 07:59 - 2016-02-23 05:10 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WiFiConfigSP.dll
2016-05-11 07:59 - 2016-02-23 05:07 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2016-05-11 07:59 - 2016-02-23 05:07 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2016-05-11 07:59 - 2016-02-23 05:06 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll
2016-05-11 07:59 - 2016-02-23 05:01 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-05-11 07:59 - 2016-02-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2016-05-11 07:59 - 2016-02-23 04:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\irmon.dll
2016-05-11 07:59 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-05-11 07:59 - 2016-02-23 04:55 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2016-05-11 07:59 - 2016-02-23 04:53 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2016-05-11 07:59 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2016-05-11 07:59 - 2016-02-23 04:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerClient.dll
2016-05-11 07:59 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SMSRouter.dll
2016-05-11 07:59 - 2016-02-23 04:39 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-05-11 07:59 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2016-05-11 07:59 - 2016-02-23 04:38 - 00287712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
2016-05-11 07:59 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-05-11 07:59 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\QuickActionsDataModel.dll
2016-05-11 07:59 - 2016-02-23 04:34 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\wifiprofilessettinghandler.dll
2016-05-11 07:59 - 2016-02-23 04:34 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2016-05-11 07:59 - 2016-02-23 04:33 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-05-11 07:59 - 2016-02-23 04:31 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2016-05-11 07:59 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2016-05-11 07:59 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-05-11 07:59 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2016-05-11 07:59 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2016-05-11 07:59 - 2016-02-23 04:23 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2016-05-11 07:59 - 2016-02-23 04:22 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2016-05-11 07:59 - 2016-02-23 04:20 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-05-11 07:59 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2016-05-11 07:59 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-05-11 07:59 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2016-05-11 07:59 - 2016-02-23 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2016-05-11 07:59 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-05-11 07:59 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-05-11 07:59 - 2016-02-23 04:04 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-05-11 07:59 - 2016-02-23 04:02 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-05-11 07:59 - 2016-02-23 04:02 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 07:59 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2016-05-11 07:59 - 2016-02-23 03:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TimeBrokerClient.dll
2016-05-11 07:59 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-05-11 07:59 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2016-05-11 07:59 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-05-11 07:59 - 2016-02-23 03:48 - 00838144 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2016-05-11 07:59 - 2016-02-23 03:47 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiFiDisplay.dll
2016-05-11 07:59 - 2016-02-23 03:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2016-05-11 07:59 - 2016-02-23 03:37 - 01118208 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-05-11 07:59 - 2016-02-23 03:36 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-05-11 07:59 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2016-05-11 07:59 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-05-11 07:59 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2016-05-11 07:59 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-05-11 07:59 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-05-11 07:59 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2016-05-11 07:59 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-05-11 07:59 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-05-11 07:59 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-05-11 07:59 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-05-11 07:59 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-05-11 07:59 - 2016-02-08 23:18 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2016-05-11 07:59 - 2016-02-08 23:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2016-05-11 07:59 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-05-11 07:58 - 2016-05-23 20:06 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-11 07:57 - 2016-05-11 09:23 - 00000000 ____D C:\Users\Lazarus\AppData\Local\AMD
2016-05-11 07:57 - 2016-05-11 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-05-11 07:57 - 2016-05-11 07:57 - 00000000 ____D C:\Program Files\ATI Technologies
2016-05-11 07:57 - 2016-05-11 07:57 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-11 07:56 - 2016-05-11 09:21 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-11 07:56 - 2016-05-11 07:57 - 00000000 ____D C:\Program Files\AMD
2016-05-11 07:56 - 2016-05-11 07:56 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-05-11 07:56 - 2016-05-11 07:56 - 00000000 ____D C:\AMD
2016-05-11 07:56 - 2016-05-11 07:56 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-05-11 07:55 - 2016-05-20 08:48 - 00002407 _____ C:\Users\Lazarus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-11 07:55 - 2016-05-20 08:48 - 00000000 ___RD C:\Users\Lazarus\OneDrive
2016-05-11 07:54 - 2016-05-23 19:57 - 00000000 ____D C:\Users\Lazarus
2016-05-11 07:54 - 2016-05-23 12:17 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\Adobe
2016-05-11 07:54 - 2016-05-11 13:34 - 00000000 ____D C:\Users\Lazarus\AppData\Local\VirtualStore
2016-05-11 07:54 - 2016-05-11 08:47 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Packages
2016-05-11 07:54 - 2016-05-11 07:54 - 00000020 ___SH C:\Users\Lazarus\ntuser.ini
2016-05-11 07:54 - 2016-05-11 07:54 - 00000000 _SHDL C:\Users\Lazarus\My Documents
2016-05-11 07:54 - 2016-05-11 07:54 - 00000000 _SHDL C:\Users\Lazarus\Documents\My Videos
2016-05-11 07:54 - 2016-05-11 07:54 - 00000000 _SHDL C:\Users\Lazarus\Documents\My Pictures
2016-05-11 07:54 - 2016-05-11 07:54 - 00000000 _SHDL C:\Users\Lazarus\Documents\My Music
2016-05-11 07:54 - 2016-05-11 07:54 - 00000000 ____D C:\Users\Lazarus\AppData\Local\TileDataLayer
2016-05-11 07:54 - 2016-05-11 07:54 - 00000000 ____D C:\Users\Lazarus\AppData\Local\Publishers
2016-05-11 07:54 - 2016-05-11 07:54 - 00000000 ____D C:\Users\Lazarus\AppData\Local\ActiveSync
2016-05-11 07:52 - 2016-05-11 07:52 - 00000000 ____D C:\Windows\CSC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-23 20:06 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-05-23 19:59 - 2016-02-13 09:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-23 19:59 - 2016-02-13 09:12 - 00280000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-23 19:59 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-05-23 19:57 - 2015-10-30 02:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-05-23 18:58 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-05-23 11:49 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-21 22:55 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-21 03:55 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-05-18 22:53 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-05-18 18:15 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-05-12 23:31 - 2015-10-30 03:24 - 00000167 _____ C:\Windows\win.ini
2016-05-12 04:45 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\appcompat
2016-05-11 15:57 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 14:42 - 2016-02-13 09:04 - 00000000 ____D C:\Windows\ShellNew
2016-05-11 11:45 - 2015-10-30 03:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-05-11 11:19 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-11 10:48 - 2015-10-30 02:28 - 00000000 ____D C:\Windows\system32\Sysprep
2016-05-11 08:08 - 2016-02-13 09:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 08:04 - 2016-02-13 09:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 08:04 - 2015-10-30 03:24 - 00015703 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 __RSD C:\Windows\Media
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\oobe
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\Provisioning
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-05-11 08:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-05-11 08:04 - 2015-10-30 02:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-05-11 08:04 - 2015-10-30 02:28 - 00000000 ____D C:\Windows\system32\Dism
2016-05-11 07:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\WinBioDatabase
 
Some files in TEMP:
====================
C:\Users\Lazarus\AppData\Local\Temp\filmora_full846.exe
C:\Users\Lazarus\AppData\Local\Temp\i4jdel0.exe
C:\Users\Lazarus\AppData\Local\Temp\i4jdel1.exe
C:\Users\Lazarus\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Lazarus\AppData\Local\Temp\proxy_vole2298606299720017183.dll
C:\Users\Lazarus\AppData\Local\Temp\proxy_vole2939333114155612621.dll
C:\Users\Lazarus\AppData\Local\Temp\proxy_vole6739734568540730968.dll
C:\Users\Lazarus\AppData\Local\Temp\setup.exe
C:\Users\Lazarus\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-21 20:34
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-05-2016
Ran by Lazarus (2016-05-23 23:00:15)
Running from C:\Users\Lazarus\Desktop
Windows 10 Pro Version 1511 (X64) (2016-05-11 11:53:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3875056975-3876241670-1242926050-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3875056975-3876241670-1242926050-503 - Limited - Disabled)
Guest (S-1-5-21-3875056975-3876241670-1242926050-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3875056975-3876241670-1242926050-1003 - Limited - Enabled)
Lazarus (S-1-5-21-3875056975-3876241670-1242926050-1001 - Administrator - Enabled) => C:\Users\Lazarus

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
f.lux (HKU\S-1-5-21-3875056975-3876241670-1242926050-1001\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Network Connections 20.7.68.0 (HKLM\...\PROSetDX) (Version: 20.7.68.0 - Intel)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.190 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x64 en-US)) (Version: 43.0.4 - Mozilla)
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.1.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3875056975-3876241670-1242926050-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lazarus\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0800E5B5-03CD-438E-8A35-A540C260CED1} - System32\Tasks\SessionAgent => C:\windows\gdp32.exe [2016-05-23] ()
Task: {0C45A0E7-E956-48FC-8ED9-E23A8BB5905F} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {44B5C5C8-D7D5-4392-AA77-19F0E8521A2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-11] (Google Inc.)
Task: {58E632FE-F81A-48DE-8606-FAEFA5EF91A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-11] (Google Inc.)
Task: {8C18CE31-0829-4B37-BE19-0F9B69E96253} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-05-11] ()
Task: {A5085100-193C-4D4A-BE7B-E218992AB367} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {AEBCB92D-8E3E-455A-97C6-A1C1EE3E7BD2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {AF60639B-8D18-4812-993E-80296CA225F8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-11] (Dropbox, Inc.)
Task: {C0B7D0C2-E099-4F91-A10E-832D8DB0E40C} - System32\Tasks\AdobeAAMUpdater-1.0-ZION-Lazarus => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {E682B2A6-BDDC-4E14-AF55-1187A1F9B1DA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-11] (Dropbox, Inc.)
Task: {F2C9180A-C61F-4B37-AECF-1D942D4A243E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-05-11 07:59 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 07701776 _____ () C:\Program Files\pia_manager\pia_manager.exe
2016-05-11 08:36 - 2016-05-11 08:37 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-06-25 19:34 - 2015-06-25 19:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 19:37 - 2015-06-25 19:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 19:35 - 2015-06-25 19:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 19:38 - 2015-06-25 19:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 18:53 - 2015-06-25 18:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 18:51 - 2015-06-25 18:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-05-11 07:59 - 2016-03-29 06:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-20 08:48 - 2016-05-20 08:48 - 00959168 _____ () C:\Users\Lazarus\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-11 07:59 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 07:59 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 07:59 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 07:59 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 07:59 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-11-30 02:07 - 2015-11-30 02:07 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-05-11 08:36 - 2016-05-11 08:37 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-11 08:36 - 2016-05-11 08:37 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-20 08:48 - 2016-05-20 08:48 - 00679624 _____ () C:\Users\Lazarus\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2013-03-12 20:10 - 2016-04-29 16:10 - 00785920 _____ () W:\Program Files\Steam\SDL2.dll
2015-01-19 19:25 - 2015-07-03 12:12 - 04962816 _____ () W:\Program Files\Steam\v8.dll
2014-05-30 21:51 - 2016-04-29 20:10 - 02549840 _____ () W:\Program Files\Steam\video.dll
2014-08-28 22:24 - 2016-02-08 19:14 - 02549760 _____ () W:\Program Files\Steam\libavcodec-56.dll
2014-08-28 22:24 - 2016-02-08 19:14 - 00491008 _____ () W:\Program Files\Steam\libavformat-56.dll
2014-08-28 22:24 - 2016-02-08 19:14 - 00332800 _____ () W:\Program Files\Steam\libavresample-2.dll
2014-08-28 22:24 - 2016-02-08 19:14 - 00442880 _____ () W:\Program Files\Steam\libavutil-54.dll
2014-08-28 22:24 - 2016-02-08 19:14 - 00485888 _____ () W:\Program Files\Steam\libswscale-3.dll
2015-01-19 19:25 - 2015-07-03 12:12 - 01556992 _____ () W:\Program Files\Steam\icui18n.dll
2015-01-19 19:25 - 2015-07-03 12:12 - 01187840 _____ () W:\Program Files\Steam\icuuc.dll
2011-07-12 16:55 - 2016-04-29 20:10 - 00829008 _____ () W:\Program Files\Steam\bin\chromehtml.DLL
2016-03-08 20:11 - 2016-02-17 18:25 - 00281088 _____ () W:\Program Files\Steam\openvr_api.dll
2011-04-26 18:08 - 2016-04-27 21:00 - 49825056 _____ () W:\Program Files\Steam\bin\libcef.dll
2016-05-23 20:00 - 2016-05-23 20:00 - 00012800 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00009728 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00014848 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00094208 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\src\rgloader\rgloader193.mswin.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00009216 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00094208 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00126976 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00087552 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00016384 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00127316 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\bin\libffi-6.dll
2016-05-23 20:00 - 2016-05-23 20:00 - 00008704 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00013312 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00095744 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00026624 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocrD64.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00012800 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00009728 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00014848 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00094208 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\src\rgloader\rgloader193.mswin.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00094208 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00118784 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00069120 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00083968 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\bin\zlib1.dll
2016-05-23 20:00 - 2016-05-23 20:00 - 00026624 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00275968 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00015360 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00008192 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00009216 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00023552 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00008704 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00008704 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00008704 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00008704 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00036352 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00126976 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00087552 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00016384 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00127316 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\bin\libffi-6.dll
2016-05-23 20:00 - 2016-05-23 20:00 - 00013312 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00095744 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-05-23 20:00 - 2016-05-23 20:00 - 00026624 _____ () C:\Users\Lazarus\AppData\Local\Temp\ocr6AF5.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-05-11 10:53 - 2016-05-11 10:53 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2016-05-11 10:53 - 2016-05-11 10:53 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-12 21:51 - 2016-05-11 07:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 21:51 - 2016-05-11 07:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-12 21:51 - 2016-05-11 07:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:{46007600-3300-5300-7100-4D0075007700} [856]
AlternateDataStreams: C:\ProgramData:{75006A00-5400-7800-2F00-6A0056006200} [192]
AlternateDataStreams: C:\Users\All Users:{46007600-3300-5300-7100-4D0075007700} [856]
AlternateDataStreams: C:\Users\All Users:{75006A00-5400-7800-2F00-6A0056006200} [192]
AlternateDataStreams: C:\ProgramData\Application Data:{46007600-3300-5300-7100-4D0075007700} [856]
AlternateDataStreams: C:\ProgramData\Application Data:{75006A00-5400-7800-2F00-6A0056006200} [192]
AlternateDataStreams: C:\Users\Lazarus\AppData\Local\Temp:{46007600-3300-5300-7100-4D0075007700} [856]
AlternateDataStreams: C:\Users\Lazarus\AppData\Local\Temp:{75006A00-5400-7800-2F00-6A0056006200} [192]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2016-05-11 21:04 - 00506844 ____A C:\Windows\system32\Drivers\etc\hosts

There are 12015 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3875056975-3876241670-1242926050-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lazarus\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{697e7079-5679-4d91-9c37-c84ec1e0864b}.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EFCE37DE-7F35-4A7A-A932-5B7FCB6B86C1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4AA99055-27D1-409B-B4BA-F7FB0F30E9C7}] => (Allow) D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{9B44DFDD-EB2B-44BF-B11B-C2C2BB14AA8D}] => (Allow) D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{3A59D2EB-D989-418A-9EF0-88A66199E50C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{B1F5F8F8-D63A-4202-98DE-F2386044675D}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{06FF2585-AECF-4C84-BF67-86BAEB7499FD}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{06E1525F-2F7A-4951-A5B8-EB59BD446213}] => (Allow) W:\Program Files\Steam\Steam.exe
FirewallRules: [{495E8DDB-6C03-4E99-8859-D254E9FA8338}] => (Allow) W:\Program Files\Steam\Steam.exe
FirewallRules: [{B2B51619-6754-4650-8C24-CE6FB74E8F8E}] => (Allow) W:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{35756DD3-C8C7-44FA-99DC-652CE7869646}] => (Allow) W:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{C011CE91-426A-4F52-8D5A-B2ED8D896244}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EE85D2F9-81B0-405B-B6D3-D75EA755A910}] => (Allow) W:\Program Files\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{3AB77D38-4741-4A7B-AA64-375DC4FBF84B}] => (Allow) W:\Program Files\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{6372A5A5-D808-4F77-8982-A9CF03208613}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{292A30BF-6EB1-4E69-93BD-506C16B4DF11}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{AA8FF012-123A-4681-A5A9-602E6F6622B6}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{D07F9E1F-0423-48A4-ACCE-7D41DF73F3C6}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{7C01F956-1342-4EB8-8B55-D0CF85EAE47B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DC926FE6-877E-4B29-98DA-368EFBD70168}] => (Allow) LPort=2869
FirewallRules: [{58DC4ACB-A8A7-430D-9F57-637582D9DED0}] => (Allow) LPort=1900
FirewallRules: [{9D4E638A-93A1-41D0-88E7-401806E0C6CB}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
FirewallRules: [{5D71A02A-7D20-451F-B74D-FD6725B1AE0A}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
FirewallRules: [{03121B35-AAF6-4269-B922-25FD289464DF}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
FirewallRules: [{9B7E7419-BBD2-4AC2-A532-8DB819C238A7}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe

==================== Restore Points =========================

11-05-2016 07:56:42 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
14-05-2016 10:22:09 Windows Update
18-05-2016 07:52:26 Windows Modules Installer
20-05-2016 12:36:52 Installed Intel® Network Connections.
23-05-2016 11:48:15 Windows Live Essentials
23-05-2016 11:48:44 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2016 07:54:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2ca8

Start Time: 01d1b51a182bb427

Termination Time: 4294967295

Application Path: D:\Program Files\Mozilla Firefox\firefox.exe

Report Id: a47357b3-2141-11e6-bdcd-10bf487f7e64

Faulting package full name:

Faulting package-relative application ID:

Error: (05/23/2016 01:45:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2498

Start Time: 01d1b1edc5710972

Termination Time: 4294967295

Application Path: D:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 2d386c7f-210d-11e6-bdcd-10bf487f7e64

Faulting package full name:

Faulting package-relative application ID:

Error: (05/23/2016 12:49:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 15.16.20039.54196, time stamp: 0x5728a6b1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000008
Fault offset: 0xffb98c7a
Faulting process id: 0x3a7c
Faulting application start time: 0xAcroRd32.exe0
Faulting application path: AcroRd32.exe1
Faulting module path: AcroRd32.exe2
Report Id: AcroRd32.exe3
Faulting package full name: AcroRd32.exe4
Faulting package-relative application ID: AcroRd32.exe5

Error: (05/23/2016 12:26:07 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/23/2016 11:48:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/23/2016 11:48:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/20/2016 12:36:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/18/2016 07:52:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/17/2016 10:20:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 15a0

Start Time: 01d1ae10894e1ab4

Termination Time: 4294967295

Application Path: D:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 146b73b9-1c39-11e6-bdcd-10bf487f7e64

Faulting package full name:

Faulting package-relative application ID:

Error: (05/14/2016 10:22:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (05/23/2016 10:01:25 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk5\DR5, has a bad block.

Error: (05/23/2016 08:04:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/23/2016 07:59:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error:
%%2147944153

Error: (05/23/2016 07:56:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3e8438 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/23/2016 07:56:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3e8438 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/23/2016 07:56:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3e8438 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/23/2016 07:56:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3e8438 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/23/2016 07:56:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/23/2016 03:56:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (05/22/2016 03:56:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1


CodeIntegrity:
===================================
Date: 2016-05-23 20:04:09.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-19 03:32:27.244
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-18 08:51:12.024
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-15 03:29:42.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 21:38:04.067
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 10:53:48.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 10:40:16.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 08:08:05.646
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 08:02:41.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 07:54:29.450
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 16336.88 MB
Available physical RAM: 11339.41 MB
Total Virtual: 18768.88 MB
Available Virtual: 13059.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.13 GB) (Free:175.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.61 GB) (Free:565.97 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.41 GB) (Free:296.61 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.78 GB) (Free:691.52 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:931.23 GB) (Free:528.3 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:931.51 GB) (Free:33.74 GB) NTFS
Drive j: (New Volume) (Fixed) (Total:698.63 GB) (Free:132.35 GB) NTFS
Drive k: (LUKAS) (Removable) (Total:58.09 GB) (Free:0.94 GB) FAT32
Drive w: (Games) (Fixed) (Total:476.94 GB) (Free:193.24 GB) NTFS
Drive y: (New Volume) (Fixed) (Total:3725.9 GB) (Free:733.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 476.9 GB) (Disk ID: 1F426B1E)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: E56889D8)
Partition 1: (Active) - (Size=223.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 947D1864)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3726 GB) (Disk ID: 51672A4C)

Partition: GPT.

========================================================
Disk: 4 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 65283CAC)
Partition 1: (Not Active) - (Size=931.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 8A61F4DC)
Partition 1: (Not Active) - (Size=931.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 346129D5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 58.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 27 May 2016 - 09:53 AM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:14 AM

Posted 27 May 2016 - 09:37 AM

Greetings JTSnow and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review the logs. I will be posting back shortly.

Edited by Oh My!, 27 May 2016 - 09:38 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 27 May 2016 - 10:11 AM

Greetings and thank you again for your patience.

Yes you were significantly compromised and I must advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Emsisoft Anti-Malware
McAfee Anti-Virus and Anti-Spyware


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
SearchScopes: HKU\S-1-5-21-3875056975-3876241670-1242926050-1001 -> DefaultScope {9DB0D604-F694-46CA-A70B-E9D6883DC363} URL = 
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Lazarus\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
2016-05-23 11:30 - 2016-05-23 11:31 - 00000000 ____D C:\ProgramData\Isolated Storage
2016-05-23 11:30 - 2016-05-23 11:30 - 00325102 _____ C:\Windows\gdp32.exe
2016-05-23 11:30 - 2016-05-23 11:30 - 00003400 _____ C:\Windows\System32\Tasks\SessionAgent
C:\Users\Lazarus\AppData\Local\Temp\setup.exe
C:\Users\Lazarus\AppData\Local\Temp\Uninstall.exe
Task: {0800E5B5-03CD-438E-8A35-A540C260CED1} - System32\Tasks\SessionAgent => C:\windows\gdp32.exe [2016-05-23] ()
AlternateDataStreams: C:\ProgramData:{46007600-3300-5300-7100-4D0075007700} [856]
AlternateDataStreams: C:\ProgramData:{75006A00-5400-7800-2F00-6A0056006200} [192]
AlternateDataStreams: C:\Users\All Users:{46007600-3300-5300-7100-4D0075007700} [856]
AlternateDataStreams: C:\Users\All Users:{75006A00-5400-7800-2F00-6A0056006200} [192]
AlternateDataStreams: C:\ProgramData\Application Data:{46007600-3300-5300-7100-4D0075007700} [856]
AlternateDataStreams: C:\ProgramData\Application Data:{75006A00-5400-7800-2F00-6A0056006200} [192]
AlternateDataStreams: C:\Users\Lazarus\AppData\Local\Temp:{46007600-3300-5300-7100-4D0075007700} [856]
AlternateDataStreams: C:\Users\Lazarus\AppData\Local\Temp:{75006A00-5400-7800-2F00-6A0056006200} [192]
FirewallRules: [{6372A5A5-D808-4F77-8982-A9CF03208613}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{292A30BF-6EB1-4E69-93BD-506C16B4DF11}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{AA8FF012-123A-4681-A5A9-602E6F6622B6}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{D07F9E1F-0423-48A4-ACCE-7D41DF73F3C6}] => (Allow) C:\ProgramData\system.exe
C:\ProgramData\system.exe
FirewallRules: [{9D4E638A-93A1-41D0-88E7-401806E0C6CB}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
FirewallRules: [{5D71A02A-7D20-451F-B74D-FD6725B1AE0A}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
FirewallRules: [{03121B35-AAF6-4269-B922-25FD289464DF}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
FirewallRules: [{9B7E7419-BBD2-4AC2-A532-8DB819C238A7}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
2016-05-23 18:57 - 2016-05-23 18:57 - 00000000 ____D C:\Users\Lazarus\AppData\Roaming\AnyDesk
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Would you like to clean your computer?
  • Did you remove an Antivirus program?
  • Fixlog
  • Update on computer behavior

Gary
 
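A triage pass over the FirewallRules and Task lines of the fixlist in the post above, added here as an example; it is not part of the original post and not FRST's own logic. The path heuristics (an executable directly in the ProgramData or Windows root, or under a Temp directory) and all function names are assumptions, and the last sample line is constructed as a benign contrast.

```python
import re
from pathlib import PureWindowsPath

# Lines 1-5 are copied from the fixlist in the post above; line 6 is a
# constructed benign rule added for contrast.
SAMPLE = r"""
FirewallRules: [{6372A5A5-D808-4F77-8982-A9CF03208613}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{292A30BF-6EB1-4E69-93BD-506C16B4DF11}] => (Allow) C:\ProgramData\system.exe
FirewallRules: [{9D4E638A-93A1-41D0-88E7-401806E0C6CB}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
FirewallRules: [{5D71A02A-7D20-451F-B74D-FD6725B1AE0A}] => (Allow) C:\Users\Lazarus\AppData\Local\Temp\dofoauthis.exe
Task: {0800E5B5-03CD-438E-8A35-A540C260CED1} - System32\Tasks\SessionAgent => C:\windows\gdp32.exe [2016-05-23] ()
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Program Files\ExampleApp\app.exe
"""

FIREWALL = re.compile(r"^FirewallRules: \[(\{[0-9A-Fa-f-]+\})\] => \((Allow|Block)\) (.+)$")
TASK = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.+?\.exe)", re.IGNORECASE)


def location_reason(path):
    """Return why an executable's location deserves review, or None.

    Assumed heuristics: leads for an analyst, not verdicts.
    """
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    parent = parts[1:-1]  # directories between the drive root and the file
    if parent == ["programdata"]:
        return "executable directly in the ProgramData root"
    if parent == ["windows"]:
        return "executable directly in the Windows root"
    if "temp" in parent:
        return "executable under a Temp directory"
    return None


def triage(text):
    """Return (kind, identifier, path, reason) for each flagged log line."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        fw = FIREWALL.match(line)
        task = TASK.match(line)
        if fw and fw.group(2) == "Allow":
            kind, ident, path = "firewall-allow", fw.group(1), fw.group(3).strip()
        elif task:
            kind, ident, path = "scheduled-task", task.group(2), task.group(3)
        else:
            continue
        reason = location_reason(path)
        if reason:
            findings.append((kind, ident, path, reason))
    return findings


def targets(findings):
    """Collapse findings to {path: number of entries referencing it}."""
    counts = {}
    for _kind, _ident, path, _reason in findings:
        counts[path] = counts.get(path, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(" | ".join(finding))
```

Several inbound allow rules and a scheduled task converging on the same few executables in writable locations is the pattern worth noticing; the constructed Program Files rule passes through unflagged.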

#4 JTSnow


Posted 27 May 2016 - 11:29 AM

Hello Gary, please call me Jay and thank you for assisting me with this issue.  I have not noticed any issues since initially catching and running some antivirus scans, but after reading the links you supplied and since I just so recently upgraded to Windows 10 I think I am going to follow your excellent advice and reinstall my OS and then change every password I have.  There is just too great a risk not to.  Thank you very much for taking the time to review this for me, but I would not wish to take any more of your time that you could be using to help others that have a better chance of success.  I will post back to let you know how things are after the reinstall.  Thanks!!!  



#5 Oh My!


Posted 27 May 2016 - 11:33 AM

Hi Jay,

I am glad you decided to do that because this is a nasty one. Reinstall and change passwords is the only way you can reasonably have peace of mind.

I will leave the Topic open in case you need anything. Hopefully things will go well.

Gary

#6 JTSnow


Posted 27 May 2016 - 05:05 PM

Ok looks like I am back up and running again after a clean install.  I have gone through all of my passwords and changed everything and there has been no suspicious activity, but I will be sure to keep a close eye on everything for the next few months.  I really should have done a reinstall from the beginning, thank you for pushing me to that decision.

 

Are there any good tutorials you can point me to on how to better protect my computer in the future? (although this was my doing I have no excuse) I always install a good Hosts file right off the bat, but I am sure there are some services I could disable or software I can install besides my firewall/antivirus to help protect my computer.  Especially anything to protect from USB flash drive infections? (my phone is never connected directly to my computer but I have several USB drives I would like to scan)

 

And again thank you very much for your help.  This site and those of you here helping everyone deserve all of the thanks we can give you.



#7 Oh My!


Posted 27 May 2016 - 10:46 PM

Thanks for your kind words. Here is some information you can review.

===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#8 Oh My!


Posted 28 May 2016 - 02:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



