Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trovi Infection - Assistance required

Started by Kerrzo , Feb 13 2017 02:37 PM

Trovi

Please log in to reply

#1
Kerrzo

Posted 13 February 2017 - 02:37 PM

New Member

Member
9 posts

Hi Guys,

First post here as I'm totally stuck with removing this. My Lenovo Yoga Pro 2 laptop is infected with Trovi and after several scans with Norton Antivirus I haven't been able to pick it up/do anything about removing it and I'm hoping someone here can help.

To give you guys some background I've recently sent this laptop away for repairs (carried out by the store) and before sending it off I factory reset the computer. After receiving the repaired laptop back I began the installation of my programmes (google chrome, spotify, MS Office nothing out of the ordinary) and upon opening the chrome browser the Trovi.com webpage was brought up.

Now I'm a complete Novice when it comes to Malware removal but I think potentially this reinfection could be from files stored on google drive as I've had this problem before on my previous laptop (Sony Viao) and would regularly backup files up to google drive. When I switched laptops I downloaded data from google drive to this new computer and could have had this virus off and on since then. Again, I'm a novice and this may not be a viable route of infection but I thought I'd throw it out there so you guys have the big picture and so can give me the best chance of removing all trace of the virus.

I wouldn't be opposed to a full reset again however it appears that the last previous reset didn't fully remove the malware/or my cloud system is infected.

Any help is much appreciated and if anymore details are required please do let me know and I'll be as specific as a Novice like myself can.

Thanks in advance,

Adam

#2
RKinner

Posted 13 February 2017 - 07:36 PM

Malware Expert

Expert
24,625 posts

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Check the Addition.txt box

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
Kerrzo

Posted 14 February 2017 - 03:41 PM

New Member

Topic Starter
Member
9 posts

Hi RKinner,

Thanks for taking the time to answer my post. Below are the reports you had requested. Please let me know if you would like any more detail.

Adam

AdwCleaner Report

# AdwCleaner v6.043 - Logfile created 14/02/2017 at 21:20:12
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Lenovo - LENOVO-PC
# Running from : C:\Users\Lenovo\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
[-] [C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3329900&octid=EB_ORIGINAL_CTID&ISID=ME466DDDE-5CC9-4099-BF99-C43794827C46&SearchSource=55&CUI=&UM=2&UP=SPDF1230A4-C7ED-45E8-9FB9-FA94EE46617F&SSPV=

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1257 Bytes] - [14/02/2017 21:20:12]
C:\AdwCleaner\AdwCleaner[S0].txt - [1530 Bytes] - [14/02/2017 21:19:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1403 Bytes] ##########

Junkware Removal report

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Lenovo (Administrator) on 14/02/2017 at 21:26:50.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/02/2017 at 21:28:38.14
End of JRT log

FRST.txt Report

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
Ran by Lenovo (administrator) on LENOVO-PC (14-02-2017 21:31:33)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-20] (Realtek semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-31] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401896 2016-07-14] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2017-01-20] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2017-01-20] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [59925488 2017-01-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2017-01-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\...\Run: [Spotify Web Helper] => C:\Users\Lenovo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-13] (Spotify Ltd)
HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\...\Run: [Spotify] => C:\Users\Lenovo\AppData\Roaming\Spotify\Spotify.exe [7133808 2017-02-13] (Spotify Ltd)
HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> c:\windows\syswow64\Lenovo Yoga 2 Pro.scr [50551716 2013-09-06] ()
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{fd0f568b-338e-4008-a129-be0878e71947}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-4249691880-2520817991-3015222207-1001 -> DefaultScope {C491ADF4-2021-41A1-A54E-388C782E8F3D} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-13] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.8.1.14\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.8.1.14\coFFAddon [2017-02-13]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.8.1.14\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-13] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-28] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-4249691880-2520817991-3015222207-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-4249691880-2520817991-3015222207-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.co.uk/
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default [2017-02-14]
CHR Extension: (Google Slides) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-13]
CHR Extension: (Google Docs) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-13]
CHR Extension: (Google Drive) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-13]
CHR Extension: (YouTube) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-13]
CHR Extension: (Google Sheets) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-13]
CHR Extension: (Google Docs Offline) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-13]
CHR Extension: (Norton Safe) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-02-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-13]
CHR Extension: (Gmail) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2017-02-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-08-03] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-03] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148688 2013-08-03] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124880 2013-08-03] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373736 2016-07-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2017-01-20] (Lenovo)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-28] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2017-01-20] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2017-01-20] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32016 2017-01-20] (Lenovo)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.8.1.14\Definitions\BASHDefs\20170208.001\BHDrvx64.sys [1874136 2017-02-08] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-11-12] (Symantec Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-03] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-03] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494272 2013-08-03] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-05] (Symantec Corporation)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-23] (REALiX™)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.8.1.14\Definitions\IPSDefs\20170210.001\IDSvia64.sys [1038024 2017-02-10] (Symantec Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2017-01-23] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2016-07-16] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-20] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 SRTSP; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-11-12] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2017-02-13] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.8.1.14\Definitions\SDSDefs\20170213.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.8.1.14\Definitions\SDSDefs\20170213.008\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 21:31 - 2017-02-14 21:31 - 02422272 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2017-02-14 21:31 - 2017-02-14 21:31 - 00020973 _____ C:\Users\Lenovo\Downloads\FRST.txt
2017-02-14 21:31 - 2017-02-14 21:31 - 00000000 ____D C:\FRST
2017-02-14 21:30 - 2017-02-14 21:30 - 01764352 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST.exe
2017-02-14 21:29 - 2017-02-14 21:29 - 00000548 _____ C:\Users\Lenovo\Documents\JRT.txt
2017-02-14 21:28 - 2017-02-14 21:28 - 00000548 _____ C:\Users\Lenovo\Desktop\JRT.txt
2017-02-14 21:26 - 2017-02-14 21:26 - 01663040 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\JRT (1).exe
2017-02-14 21:23 - 2017-02-14 21:23 - 01663040 _____ (Malwarebytes) C:\Users\Lenovo\Downloads\JRT.exe
2017-02-14 21:17 - 2017-02-14 21:17 - 04015056 _____ C:\Users\Lenovo\Downloads\AdwCleaner.exe
2017-02-14 21:15 - 2017-02-14 21:20 - 00000000 ____D C:\AdwCleaner
2017-02-13 21:31 - 2017-02-13 21:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-13 21:31 - 2017-02-13 21:31 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-13 21:26 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-02-13 21:26 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-02-13 21:26 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-02-13 21:26 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-02-13 21:26 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-02-13 21:26 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-02-13 21:26 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-02-13 21:26 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-02-13 21:26 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-13 21:26 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-02-13 21:26 - 2016-12-14 04:44 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-02-13 21:26 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-02-13 21:26 - 2016-12-09 10:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-02-13 21:26 - 2016-12-09 10:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-02-13 21:26 - 2016-12-09 10:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-13 21:26 - 2016-12-09 10:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-02-13 21:26 - 2016-12-09 10:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-02-13 21:26 - 2016-12-09 10:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-02-13 21:26 - 2016-12-09 10:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-02-13 21:26 - 2016-12-09 09:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-02-13 21:26 - 2016-12-09 09:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-02-13 21:26 - 2016-12-09 09:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-02-13 21:26 - 2016-11-11 10:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-02-13 21:26 - 2016-11-11 10:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-02-13 21:26 - 2016-11-11 09:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-02-13 21:26 - 2016-11-11 09:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-02-13 21:26 - 2016-11-11 09:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-02-13 21:26 - 2016-11-11 09:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-02-13 21:26 - 2016-11-11 09:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-02-13 21:26 - 2016-11-11 09:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-02-13 21:26 - 2016-11-11 07:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-02-13 21:26 - 2016-11-11 07:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-02-13 21:26 - 2016-11-11 07:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-02-13 21:26 - 2016-11-11 07:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-02-13 21:26 - 2016-11-11 07:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-02-13 21:26 - 2016-11-11 07:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-02-13 21:26 - 2016-11-11 07:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-02-13 21:26 - 2016-11-11 07:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-02-13 21:26 - 2016-11-11 07:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-02-13 21:26 - 2016-11-11 07:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-02-13 21:25 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-02-13 21:25 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-02-13 21:25 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-02-13 21:25 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-02-13 21:25 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-02-13 21:25 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-02-13 21:25 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-02-13 21:25 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-02-13 21:25 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-02-13 21:25 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-02-13 21:25 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-02-13 21:25 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-02-13 21:25 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-02-13 21:25 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-02-13 21:25 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-02-13 21:25 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-02-13 21:25 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-02-13 21:25 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-02-13 21:25 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-02-13 21:25 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-02-13 21:25 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-02-13 21:25 - 2016-12-21 07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-02-13 21:25 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-02-13 21:25 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-02-13 21:25 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-02-13 21:25 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-02-13 21:25 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-02-13 21:25 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-02-13 21:25 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-02-13 21:25 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-02-13 21:25 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-02-13 21:25 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-02-13 21:25 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-02-13 21:25 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-02-13 21:25 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-02-13 21:25 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-02-13 21:25 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-02-13 21:25 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-02-13 21:25 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-02-13 21:25 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-02-13 21:25 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-02-13 21:25 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-02-13 21:25 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-02-13 21:25 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-02-13 21:25 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-02-13 21:25 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-13 21:25 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-02-13 21:25 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-02-13 21:25 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-02-13 21:25 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-02-13 21:25 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-13 21:25 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-13 21:25 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-13 21:25 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-02-13 21:25 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-02-13 21:25 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-02-13 21:25 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-02-13 21:25 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-13 21:25 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-02-13 21:25 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-13 21:25 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-13 21:25 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-13 21:25 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-02-13 21:25 - 2016-12-21 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-02-13 21:25 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-02-13 21:25 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-02-13 21:25 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-02-13 21:25 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-02-13 21:25 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-02-13 21:25 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-02-13 21:25 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-02-13 21:25 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-02-13 21:25 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-02-13 21:25 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-02-13 21:25 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-02-13 21:25 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-02-13 21:25 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-02-13 21:25 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-02-13 21:25 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-02-13 21:25 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-02-13 21:25 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-02-13 21:25 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-02-13 21:25 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-02-13 21:25 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-02-13 21:25 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-02-13 21:25 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-02-13 21:25 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-02-13 21:25 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-02-13 21:25 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-02-13 21:25 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-02-13 21:25 - 2016-12-14 05:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-02-13 21:25 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-13 21:25 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-02-13 21:25 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-02-13 21:25 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-02-13 21:25 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-02-13 21:25 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-02-13 21:25 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-13 21:25 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-13 21:25 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-13 21:25 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-02-13 21:25 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-02-13 21:25 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-13 21:25 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-02-13 21:25 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-02-13 21:25 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-02-13 21:25 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-02-13 21:25 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-02-13 21:25 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-13 21:25 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-02-13 21:25 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-02-13 21:25 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-02-13 21:25 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-02-13 21:25 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-02-13 21:25 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-02-13 21:25 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-13 21:25 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-02-13 21:25 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-02-13 21:25 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-02-13 21:25 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-02-13 21:25 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-02-13 21:25 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-13 21:25 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-02-13 21:25 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-02-13 21:25 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-02-13 21:25 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-02-13 21:25 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-02-13 21:25 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-02-13 21:25 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-02-13 21:25 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-02-13 21:25 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-02-13 21:25 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-02-13 21:25 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-02-13 21:25 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-02-13 21:25 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-02-13 21:25 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-02-13 21:25 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-02-13 21:25 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-02-13 21:25 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-02-13 21:25 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-02-13 21:25 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-13 21:25 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-02-13 21:25 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-02-13 21:25 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-02-13 21:25 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-02-13 21:25 - 2016-12-09 10:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-02-13 21:25 - 2016-12-09 10:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-02-13 21:25 - 2016-12-09 10:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-02-13 21:25 - 2016-12-09 10:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-02-13 21:25 - 2016-12-09 10:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-02-13 21:25 - 2016-12-09 10:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-02-13 21:25 - 2016-12-09 10:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-02-13 21:25 - 2016-12-09 10:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-02-13 21:25 - 2016-12-09 10:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-02-13 21:25 - 2016-12-09 10:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-02-13 21:25 - 2016-12-09 10:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-02-13 21:25 - 2016-12-09 10:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-02-13 21:25 - 2016-12-09 10:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-02-13 21:25 - 2016-12-09 10:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-02-13 21:25 - 2016-12-09 10:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-02-13 21:25 - 2016-12-09 10:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-02-13 21:25 - 2016-12-09 10:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-02-13 21:25 - 2016-12-09 10:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-02-13 21:25 - 2016-12-09 10:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-02-13 21:25 - 2016-12-09 10:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-02-13 21:25 - 2016-12-09 10:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-02-13 21:25 - 2016-12-09 10:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-02-13 21:25 - 2016-12-09 10:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-02-13 21:25 - 2016-12-09 10:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-02-13 21:25 - 2016-12-09 10:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-02-13 21:25 - 2016-12-09 09:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-02-13 21:25 - 2016-12-09 09:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-02-13 21:25 - 2016-12-09 09:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-02-13 21:25 - 2016-12-09 09:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-02-13 21:25 - 2016-12-09 09:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-02-13 21:25 - 2016-12-09 09:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-02-13 21:25 - 2016-12-09 09:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2017-02-13 21:25 - 2016-12-09 09:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2017-02-13 21:25 - 2016-12-09 09:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-02-13 21:25 - 2016-12-09 09:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-02-13 21:25 - 2016-12-09 09:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-02-13 21:25 - 2016-12-09 09:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-02-13 21:25 - 2016-12-09 09:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-02-13 21:25 - 2016-12-09 09:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-02-13 21:25 - 2016-12-09 09:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-02-13 21:25 - 2016-12-09 09:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-02-13 21:25 - 2016-12-09 09:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-02-13 21:25 - 2016-12-09 09:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-02-13 21:25 - 2016-12-09 09:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-02-13 21:25 - 2016-12-09 09:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-02-13 21:25 - 2016-12-09 09:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-02-13 21:25 - 2016-12-09 09:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-02-13 21:25 - 2016-12-09 09:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-02-13 21:25 - 2016-12-09 09:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-02-13 21:25 - 2016-12-09 09:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-02-13 21:25 - 2016-12-09 09:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-02-13 21:25 - 2016-12-09 09:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-02-13 21:25 - 2016-12-09 09:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-02-13 21:25 - 2016-12-09 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-02-13 21:25 - 2016-12-09 09:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-02-13 21:25 - 2016-12-09 09:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-02-13 21:25 - 2016-12-09 09:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-02-13 21:25 - 2016-12-09 09:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-02-13 21:25 - 2016-12-09 09:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2017-02-13 21:25 - 2016-12-09 09:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-02-13 21:25 - 2016-12-09 09:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-02-13 21:25 - 2016-12-09 09:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2017-02-13 21:25 - 2016-12-09 09:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-02-13 21:25 - 2016-12-09 09:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-02-13 21:25 - 2016-12-09 09:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-02-13 21:25 - 2016-12-09 09:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2017-02-13 21:25 - 2016-12-09 09:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2017-02-13 21:25 - 2016-12-09 08:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-02-13 21:25 - 2016-11-11 10:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-02-13 21:25 - 2016-11-11 10:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2017-02-13 21:25 - 2016-11-11 10:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-02-13 21:25 - 2016-11-11 10:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-02-13 21:25 - 2016-11-11 10:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-02-13 21:25 - 2016-11-11 10:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-02-13 21:25 - 2016-11-11 10:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-02-13 21:25 - 2016-11-11 10:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-02-13 21:25 - 2016-11-11 10:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2017-02-13 21:25 - 2016-11-11 10:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-02-13 21:25 - 2016-11-11 10:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-02-13 21:25 - 2016-11-11 10:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-02-13 21:25 - 2016-11-11 10:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-02-13 21:25 - 2016-11-11 10:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-02-13 21:25 - 2016-11-11 10:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-02-13 21:25 - 2016-11-11 10:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-02-13 21:25 - 2016-11-11 09:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-02-13 21:25 - 2016-11-11 09:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-02-13 21:25 - 2016-11-11 09:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-02-13 21:25 - 2016-11-11 09:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2017-02-13 21:25 - 2016-11-11 09:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2017-02-13 21:25 - 2016-11-11 09:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2017-02-13 21:25 - 2016-11-11 09:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-02-13 21:25 - 2016-11-11 09:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-02-13 21:25 - 2016-11-11 09:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-02-13 21:25 - 2016-11-11 09:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-02-13 21:25 - 2016-11-11 09:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2017-02-13 21:25 - 2016-11-11 09:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2017-02-13 21:25 - 2016-11-11 09:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-02-13 21:25 - 2016-11-11 09:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-02-13 21:25 - 2016-11-11 09:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2017-02-13 21:25 - 2016-11-11 09:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2017-02-13 21:25 - 2016-11-11 09:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2017-02-13 21:25 - 2016-11-11 09:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-02-13 21:25 - 2016-11-11 09:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-02-13 21:25 - 2016-11-11 09:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-02-13 21:25 - 2016-11-11 09:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-02-13 21:25 - 2016-11-11 09:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-02-13 21:25 - 2016-11-11 09:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-02-13 21:25 - 2016-11-11 09:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2017-02-13 21:25 - 2016-11-11 09:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2017-02-13 21:25 - 2016-11-11 09:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-02-13 21:25 - 2016-11-11 09:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-02-13 21:25 - 2016-11-11 09:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-02-13 21:25 - 2016-11-11 09:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-13 21:25 - 2016-11-11 09:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-02-13 21:25 - 2016-11-11 09:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-02-13 21:25 - 2016-11-11 09:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-02-13 21:25 - 2016-11-11 09:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-02-13 21:25 - 2016-11-11 09:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-02-13 21:25 - 2016-11-11 09:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2017-02-13 21:25 - 2016-11-11 09:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-02-13 21:25 - 2016-11-11 09:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2017-02-13 21:25 - 2016-11-11 09:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-02-13 21:25 - 2016-11-11 09:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-02-13 21:25 - 2016-11-11 09:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-02-13 21:25 - 2016-11-11 09:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-02-13 21:25 - 2016-11-11 09:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-02-13 21:25 - 2016-11-11 09:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2017-02-13 21:25 - 2016-11-11 09:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-02-13 21:25 - 2016-11-11 09:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-02-13 21:25 - 2016-11-11 09:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-02-13 21:25 - 2016-11-11 09:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-02-13 21:25 - 2016-11-11 09:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-02-13 21:25 - 2016-11-11 09:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-02-13 21:25 - 2016-11-11 09:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-02-13 21:25 - 2016-11-11 09:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-13 21:25 - 2016-11-11 09:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-02-13 21:25 - 2016-11-11 09:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-02-13 21:25 - 2016-11-11 09:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-02-13 21:25 - 2016-11-11 09:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-02-13 21:25 - 2016-11-11 09:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2017-02-13 21:25 - 2016-11-11 09:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-02-13 21:25 - 2016-11-11 09:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2017-02-13 21:25 - 2016-11-11 09:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-02-13 21:25 - 2016-11-11 09:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2017-02-13 21:25 - 2016-11-11 09:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-02-13 21:25 - 2016-11-11 09:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-02-13 21:25 - 2016-11-11 09:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-02-13 21:25 - 2016-11-11 09:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-02-13 21:25 - 2016-11-11 09:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2017-02-13 21:25 - 2016-11-11 09:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-02-13 21:25 - 2016-11-11 09:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-02-13 21:25 - 2016-11-11 09:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-02-13 21:25 - 2016-11-11 09:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2017-02-13 21:25 - 2016-11-11 09:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-02-13 21:25 - 2016-11-11 09:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-02-13 21:25 - 2016-11-11 09:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-02-13 21:25 - 2016-11-11 09:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2017-02-13 21:25 - 2016-11-11 09:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-02-13 21:25 - 2016-11-11 09:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2017-02-13 21:25 - 2016-11-11 09:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-02-13 21:25 - 2016-11-11 09:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-02-13 21:25 - 2016-11-11 09:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-02-13 21:25 - 2016-11-11 09:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-02-13 21:25 - 2016-11-11 09:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-02-13 21:25 - 2016-11-11 09:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-02-13 21:25 - 2016-11-11 09:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-02-13 21:25 - 2016-11-11 09:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-02-13 21:25 - 2016-11-11 09:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-02-13 21:25 - 2016-11-11 09:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-02-13 21:25 - 2016-11-11 09:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-02-13 21:25 - 2016-11-11 09:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-02-13 21:25 - 2016-11-11 09:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-02-13 21:25 - 2016-11-11 09:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-02-13 21:25 - 2016-11-11 09:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-02-13 21:25 - 2016-11-11 09:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-02-13 21:25 - 2016-11-11 09:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-02-13 21:25 - 2016-11-11 09:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-02-13 21:25 - 2016-11-11 09:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-02-13 21:25 - 2016-11-11 09:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-02-13 21:25 - 2016-11-11 09:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-02-13 21:25 - 2016-11-11 09:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-02-13 21:25 - 2016-11-11 09:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-02-13 21:25 - 2016-11-11 09:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-02-13 21:25 - 2016-11-11 09:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-02-13 21:25 - 2016-11-11 09:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-02-13 21:25 - 2016-11-11 09:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-02-13 21:25 - 2016-11-11 09:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2017-02-13 21:25 - 2016-11-11 09:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-02-13 21:25 - 2016-11-11 09:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-02-13 21:25 - 2016-11-11 08:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-02-13 21:25 - 2016-11-11 08:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-02-13 21:25 - 2016-11-11 08:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-02-13 21:25 - 2016-11-11 07:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-02-13 21:25 - 2016-11-11 07:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2017-02-13 21:25 - 2016-11-11 07:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-02-13 21:25 - 2016-11-11 07:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-02-13 21:25 - 2016-11-11 07:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-02-13 21:25 - 2016-11-11 07:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-02-13 21:25 - 2016-11-11 07:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-02-13 21:25 - 2016-11-11 07:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-02-13 21:25 - 2016-11-11 07:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-02-13 21:25 - 2016-11-11 07:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2017-02-13 21:25 - 2016-11-11 07:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2017-02-13 21:25 - 2016-11-11 07:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-02-13 21:25 - 2016-11-11 07:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2017-02-13 21:25 - 2016-11-11 07:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2017-02-13 21:25 - 2016-11-11 07:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-02-13 21:25 - 2016-11-11 07:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-02-13 21:25 - 2016-11-11 07:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-02-13 21:25 - 2016-11-11 07:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-02-13 21:25 - 2016-11-11 07:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-02-13 21:25 - 2016-11-11 07:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-02-13 21:25 - 2016-11-11 07:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-02-13 21:25 - 2016-11-11 07:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-02-13 21:25 - 2016-11-11 07:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-02-13 21:25 - 2016-11-11 07:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-02-13 21:25 - 2016-11-11 07:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-13 21:25 - 2016-11-11 07:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-02-13 21:25 - 2016-11-11 07:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-02-13 21:25 - 2016-11-11 07:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-02-13 21:25 - 2016-11-11 07:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-02-13 21:25 - 2016-11-11 07:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-02-13 21:25 - 2016-11-11 07:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-02-13 21:25 - 2016-11-11 07:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-02-13 21:25 - 2016-11-11 07:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-02-13 21:25 - 2016-11-11 07:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2017-02-13 21:25 - 2016-11-11 07:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-02-13 21:25 - 2016-11-11 07:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-02-13 21:25 - 2016-11-11 07:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-02-13 21:25 - 2016-11-11 07:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2017-02-13 21:25 - 2016-11-11 07:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-13 21:25 - 2016-11-11 07:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-02-13 21:25 - 2016-11-11 07:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2017-02-13 21:25 - 2016-11-11 07:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-02-13 21:25 - 2016-11-11 07:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-02-13 21:25 - 2016-11-11 07:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-02-13 21:25 - 2016-11-11 07:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-02-13 21:25 - 2016-11-11 07:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-02-13 21:25 - 2016-11-11 07:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2017-02-13 21:25 - 2016-11-11 07:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-02-13 21:25 - 2016-11-11 07:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-02-13 21:25 - 2016-11-11 07:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-02-13 21:25 - 2016-11-11 07:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-02-13 21:25 - 2016-11-11 07:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-02-13 21:25 - 2016-11-11 07:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-02-13 21:25 - 2016-11-11 07:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-02-13 21:25 - 2016-11-11 07:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-02-13 21:25 - 2016-11-11 07:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-02-13 21:25 - 2016-11-11 07:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2017-02-13 21:25 - 2016-11-11 07:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2017-02-13 21:25 - 2016-11-11 07:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-02-13 21:25 - 2016-11-11 07:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-02-13 21:25 - 2016-11-11 07:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-02-13 21:25 - 2016-11-11 07:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-02-13 21:25 - 2016-11-11 07:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-02-13 21:25 - 2016-11-11 07:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2017-02-13 21:25 - 2016-11-11 07:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-02-13 21:25 - 2016-11-11 07:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-02-13 21:24 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-02-13 21:24 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-02-13 21:24 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-02-13 21:24 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-02-13 21:24 - 2016-12-09 09:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2017-02-13 21:24 - 2016-11-11 09:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2017-02-13 21:24 - 2016-11-11 09:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2017-02-13 21:24 - 2016-11-11 09:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2017-02-13 21:24 - 2016-11-11 09:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-02-13 21:24 - 2016-11-11 09:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-02-13 21:24 - 2016-11-11 09:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-02-13 21:24 - 2016-11-11 09:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-02-13 21:24 - 2016-11-11 07:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2017-02-13 21:24 - 2016-11-11 07:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-02-13 21:24 - 2016-11-11 07:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2017-02-13 21:14 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-13 21:14 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-02-13 19:42 - 2017-02-13 19:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-02-13 19:42 - 2017-02-13 19:42 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-13 19:33 - 2017-02-14 21:21 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Spotify
2017-02-13 19:33 - 2017-02-14 21:21 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Spotify
2017-02-13 19:33 - 2017-02-13 19:33 - 00001866 _____ C:\Users\Lenovo\Desktop\Spotify.lnk
2017-02-13 19:33 - 2017-02-13 19:33 - 00001852 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-02-13 19:33 - 2017-02-13 19:33 - 00000000 ____D C:\Users\Lenovo\AppData\Local\CEF
2017-02-13 19:32 - 2017-02-13 19:32 - 00353488 _____ (Spotify Ltd) C:\Users\Lenovo\Downloads\SpotifySetup.exe
2017-02-13 19:31 - 2017-02-13 19:51 - 10234185 _____ C:\Users\Lenovo\Downloads\Final Tape Length Calculator.xlsm
2017-02-13 19:30 - 2017-02-13 19:30 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Nitro PDF
2017-02-13 19:20 - 2017-02-13 19:20 - 00002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-13 19:20 - 2017-02-13 19:20 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-13 19:20 - 2017-02-13 19:20 - 00002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-13 19:20 - 2017-02-13 19:20 - 00002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-13 19:20 - 2017-02-13 19:20 - 00002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-13 19:20 - 2017-02-13 19:20 - 00002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-13 19:20 - 2017-02-13 19:20 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-13 19:20 - 2017-02-13 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-02-13 19:18 - 2017-02-13 19:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-13 19:17 - 2017-02-13 19:17 - 03907384 _____ (Microsoft Corporation) C:\Users\Lenovo\Downloads\Setup.X86.en-US_O365HomePremRetail_099bea23-3ab9-45a0-ad2e-f4b8ed130c98_TX_DB_.exe
2017-02-13 19:07 - 2017-02-14 21:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2017-02-13 19:05 - 2017-02-13 19:05 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-02-13 19:05 - 2017-02-13 19:04 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-02-13 19:04 - 2017-02-13 19:04 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-02-13 19:04 - 2017-02-13 19:04 - 00002401 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-02-13 19:04 - 2017-02-13 19:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2017-02-13 19:04 - 2017-02-13 19:04 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2017-02-13 19:04 - 2017-02-13 19:04 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-02-13 19:04 - 2017-02-13 19:04 - 00000000 ____D C:\Program Files (x86)\Norton 360
2017-02-13 19:03 - 2017-02-13 19:03 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-02-13 19:03 - 2017-02-13 19:03 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2017-02-13 19:02 - 2017-02-13 19:08 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 19:02 - 2017-02-13 19:02 - 01101136 _____ (Symantec Corporation) C:\Users\Lenovo\Downloads\NortonN360Downloader.exe
2017-02-13 19:02 - 2017-02-13 19:02 - 01101136 _____ (Symantec Corporation) C:\Users\Lenovo\Downloads\NortonN360Downloader (1).exe
2017-02-13 19:02 - 2017-02-13 19:02 - 01101128 _____ (Symantec Corporation) C:\Users\Lenovo\Downloads\NortonN360Downloader (2).exe
2017-02-13 19:02 - 2017-02-13 19:02 - 00001357 _____ C:\Users\Lenovo\Desktop\Norton Installation Files.lnk
2017-02-13 19:02 - 2017-02-13 19:02 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-02-13 18:43 - 2017-02-13 18:43 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-02-13 18:43 - 2017-02-13 18:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-13 18:43 - 2017-02-13 18:43 - 00000000 ____D C:\Users\Lenovo\Tracing
2017-02-13 18:43 - 2017-02-13 18:43 - 00000000 ____D C:\ProgramData\Skype
2017-02-13 18:43 - 2017-02-13 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-13 18:41 - 2017-02-13 18:42 - 01629144 _____ (Skype Technologies S.A.) C:\Users\Lenovo\Downloads\SkypeSetup.exe
2017-02-13 18:40 - 2017-02-13 18:48 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Google
2017-02-13 18:40 - 2017-02-13 18:40 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-13 18:40 - 2017-02-13 18:40 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-13 18:40 - 2017-02-13 18:40 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-13 18:40 - 2017-02-13 18:40 - 00002347 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-13 18:40 - 2017-02-13 18:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-13 18:39 - 2017-02-13 18:40 - 01129376 _____ (Google Inc.) C:\Users\Lenovo\Downloads\ChromeSetup.exe
2017-02-13 02:56 - 2017-02-12 19:03 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-13 02:54 - 2017-02-13 02:54 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-02-13 02:54 - 2017-02-13 02:54 - 00000000 ____D C:\Windows.old
2017-02-13 02:53 - 2017-02-13 02:53 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-13 02:53 - 2017-02-13 02:53 - 00000000 ____D C:\Program Files\MSBuild
2017-02-13 02:53 - 2017-02-13 02:53 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-13 02:53 - 2017-02-13 02:53 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-13 02:53 - 2016-05-25 22:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-02-13 02:53 - 2016-05-25 22:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-13 02:53 - 2016-05-25 22:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-02-13 02:53 - 2016-05-25 19:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-02-13 02:53 - 2016-05-25 19:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-13 02:53 - 2016-05-25 19:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-02-12 19:08 - 2017-02-14 21:21 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-12 19:08 - 2017-02-14 21:21 - 00000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2017-02-12 19:08 - 2017-02-12 19:08 - 00000568 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-12 19:08 - 2017-02-12 19:08 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-02-12 19:08 - 2017-02-12 19:08 - 00000000 ____D C:\Users\Lenovo\AppData\Local\NetworkTiles
2017-02-12 19:08 - 2017-02-12 19:08 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-02-12 19:07 - 2017-02-12 19:06 - 20466392 _____ (Microsoft Corporation) C:\Users\Lenovo\Downloads\OneDriveSetup.exe
2017-02-12 19:06 - 2017-02-13 18:39 - 00000000 ____D C:\Users\Lenovo\AppData\Local\MicrosoftEdge
2017-02-12 19:06 - 2017-02-12 19:07 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-12 19:06 - 2017-02-12 19:06 - 00001062 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-02-12 19:05 - 2017-02-14 21:22 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Skype
2017-02-12 19:05 - 2017-02-12 19:07 - 00002381 _____ C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-12 19:05 - 2017-02-12 19:07 - 00000000 ___RD C:\Users\Lenovo\OneDrive
2017-02-12 19:05 - 2017-02-12 19:05 - 00076976 _____ C:\Users\Lenovo\AppData\Roaming\LoJackSetup.exe
2017-02-12 19:03 - 2017-02-12 19:03 - 00000020 ___SH C:\Users\Lenovo\ntuser.ini
2017-02-12 19:03 - 2017-02-12 19:03 - 00000000 ____D C:\Users\Lenovo\AppData\Local\TileDataLayer
2017-02-12 19:03 - 2017-02-12 19:03 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Publishers
2017-02-12 19:03 - 2017-02-12 19:03 - 00000000 ____D C:\Users\Lenovo\AppData\Local\ConnectedDevicesPlatform
2017-02-12 19:03 - 2017-02-12 19:03 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Comms
2017-02-12 19:02 - 2017-02-12 19:02 - 00000000 _SHDL C:\Users\Default\My Documents
2017-02-12 19:02 - 2017-02-12 19:02 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-02-12 19:02 - 2017-02-12 19:02 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-02-12 19:02 - 2017-02-12 19:02 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-02-12 19:02 - 2017-02-12 19:02 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-02-12 19:02 - 2017-02-12 19:02 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-02-12 19:02 - 2017-02-12 19:02 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-02-12 19:01 - 2017-02-12 19:02 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-02-12 19:01 - 2017-02-12 19:02 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-02-12 19:01 - 2017-02-12 19:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-02-12 19:01 - 2017-02-12 19:01 - 00003078 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{73051B8B-5960-4523-894F-C238466351C9}
2017-02-12 19:01 - 2017-02-12 19:01 - 00003014 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2017-02-12 19:01 - 2017-02-12 19:01 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4249691880-2520817991-3015222207-1001
2017-02-12 19:01 - 2017-02-12 19:01 - 00002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4249691880-2520817991-3015222207-500
2017-02-12 19:01 - 2017-02-12 19:01 - 00002634 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2017-02-12 19:01 - 2017-02-12 19:01 - 00002340 _____ C:\WINDOWS\System32\Tasks\Absolute Reminder
2017-02-12 19:01 - 2017-02-12 19:01 - 00002308 _____ C:\WINDOWS\System32\Tasks\Lenovo Smart Voice
2017-02-12 19:01 - 2017-02-12 19:01 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-02-12 19:01 - 2017-02-12 19:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-02-12 19:01 - 2017-02-12 19:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-02-12 18:59 - 2017-02-12 18:59 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-12 18:59 - 2017-02-12 18:59 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-02-12 18:58 - 2017-02-14 21:21 - 00000000 ____D C:\Users\Lenovo
2017-02-12 18:58 - 2017-02-12 18:58 - 00000000 _SHDL C:\Users\Lenovo\My Documents
2017-02-12 18:58 - 2017-02-12 18:58 - 00000000 _SHDL C:\Users\Lenovo\Documents\My Videos
2017-02-12 18:58 - 2017-02-12 18:58 - 00000000 _SHDL C:\Users\Lenovo\Documents\My Pictures
2017-02-12 18:58 - 2017-02-12 18:58 - 00000000 _SHDL C:\Users\Lenovo\Documents\My Music
2017-02-12 18:57 - 2017-02-12 18:57 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfManager_01011.Wdf
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevProc_01011.Wdf
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevPch_01011.Wdf
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____D C:\Program Files\Synaptics
2017-02-12 18:57 - 2017-02-12 18:57 - 00000000 ____D C:\Program Files\Realtek
2017-02-12 18:24 - 2017-02-12 18:45 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-12 18:01 - 2017-02-12 18:24 - 00000000 ____D C:\ESD
2017-02-12 18:01 - 2017-02-12 18:01 - 00000000 ___HD C:\$Windows.~WS
2017-01-23 15:27 - 2017-01-23 15:27 - 00002560 _____ C:\WINDOWS\SysWOW64\Xui.trf
2017-01-23 15:26 - 2017-01-23 15:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-01-23 08:53 - 2017-01-23 08:53 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Screensaver Factory
2017-01-23 08:51 - 2017-01-23 08:51 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Macromedia
2017-01-23 08:46 - 2017-02-12 21:40 - 00002938 _____ C:\Users\Lenovo\AppData\Roaming\AbsoluteReminder.xml
2017-01-23 08:46 - 2017-01-23 08:46 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Intel Corporation
2017-01-23 08:46 - 2017-01-23 08:46 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Absolute_Software
2017-01-23 08:45 - 2017-02-13 19:35 - 00000000 ____D C:\Users\Lenovo\AppData\Local\Packages
2017-01-23 08:45 - 2017-01-23 09:02 - 00000000 ____D C:\Users\Lenovo\AppData\Local\VirtualStore
2017-01-23 08:45 - 2017-01-23 08:45 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Intel
2017-01-23 08:45 - 2017-01-23 08:45 - 00000000 ____D C:\Users\Lenovo\AppData\Roaming\Adobe
2017-01-23 08:37 - 2017-01-23 08:37 - 00046568 _____ C:\WINDOWS\system32\Drivers\ISCTD64.sys
2017-01-23 08:34 - 2017-01-23 08:34 - 00000000 ____D C:\WINDOWS\IObit
2017-01-23 08:33 - 2017-01-23 08:33 - 00027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-23 08:33 - 2017-01-23 08:33 - 00000000 ____D C:\ProgramData\IObit
2017-01-20 20:38 - 2012-04-21 05:59 - 00057656 _____ C:\WINDOWS\system32\OEMLOGO.BMP
2017-01-20 20:36 - 2015-06-03 03:16 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-01-20 20:36 - 2015-06-03 03:16 - 00764616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2017-01-20 20:36 - 2015-06-03 03:16 - 00613576 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2017-01-20 20:36 - 2015-06-03 03:16 - 00267976 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2017-01-20 20:36 - 2015-06-03 03:16 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2017-01-20 20:36 - 2013-08-29 19:42 - 00421616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo19.dll
2017-01-20 20:36 - 2013-08-29 19:42 - 00169712 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynTPCom.dll
2017-01-20 20:36 - 2013-08-03 08:37 - 00494272 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\DptfManager.sys
2017-01-20 20:36 - 2013-08-03 08:37 - 00287160 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\DptfDevProc.sys
2017-01-20 20:36 - 2013-08-03 08:37 - 00148688 _____ (Intel Corporation) C:\WINDOWS\system32\DptfPolicyCriticalService.exe
2017-01-20 20:36 - 2013-08-03 08:37 - 00124880 _____ (Intel Corporation) C:\WINDOWS\system32\DptfPolicyLpmService.exe
2017-01-20 20:36 - 2013-08-03 08:37 - 00116656 _____ (Intel Corporation) C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2017-01-20 20:36 - 2013-08-03 08:37 - 00115632 _____ (Intel Corporation) C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2017-01-20 20:36 - 2013-08-03 08:37 - 00114680 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\DptfDevPch.sys
2017-01-20 20:36 - 2013-08-03 08:37 - 00111976 _____ (Intel Corporation) C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
2017-01-20 20:36 - 2013-08-03 08:37 - 00110912 _____ (Intel Corporation) C:\WINDOWS\system32\DptfPolicyLpmDll.dll
2017-01-20 20:36 - 2013-08-03 08:37 - 00110912 _____ (Intel Corporation) C:\WINDOWS\system32\DptfPolicyConfigTDPDll.dll
2017-01-20 20:36 - 2013-08-03 08:37 - 00010160 _____ (Intel Corporation) C:\WINDOWS\system32\DptfEventLogMessage.dll
2017-01-20 20:36 - 2013-08-03 08:36 - 00260728 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\DptfInvalidPolicyRemover.exe
2017-01-20 20:36 - 2013-08-03 08:36 - 00102688 _____ (Intel Corporation) C:\WINDOWS\system32\DptfCoInstaller.dll
2017-01-20 20:36 - 2013-08-03 08:36 - 00004411 _____ C:\WINDOWS\SysWOW64\DptfInvalidPolicyRemover.ini
2017-01-20 20:31 - 2017-01-20 20:28 - 00000012 _____ C:\WINDOWS\CSUP.TXT
2017-01-20 19:56 - 2017-01-30 14:22 - 00000000 ____D C:\ProgramData\Energy Manager
2017-01-20 19:56 - 2017-01-20 20:05 - 01386755 _____ C:\WINDOWS\MFGSTAT.zip
2017-01-20 19:56 - 2017-01-20 19:56 - 00000000 ____D C:\Program Files\DIFX
2017-01-20 19:55 - 2017-02-12 18:59 - 00000000 ____D C:\Program Files\Lenovo
2017-01-20 19:55 - 2017-02-12 18:49 - 00002560 _____ C:\WINDOWS\system32\VfService.trf
2017-01-20 19:55 - 2017-01-20 19:55 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartVoiceToast.lnk
2017-01-20 19:55 - 2017-01-20 19:55 - 00000000 __SHD C:\UserGuidePDF
2017-01-20 19:55 - 2017-01-20 19:55 - 00000000 ____D C:\ProgramData\OneKey Recovery
2017-01-20 19:55 - 2017-01-20 19:55 - 00000000 ____D C:\ProgramData\LenovoTransition
2017-01-20 19:55 - 2017-01-20 19:55 - 00000000 ____D C:\ProgramData\Downloaded Installations
2017-01-20 19:55 - 2017-01-20 19:55 - 00000000 ____D C:\Program Files\Lenovo Yoga PhoneCompanion
2017-01-20 19:55 - 2017-01-20 19:55 - 00000000 ____D C:\Program Files (x86)\New Folder
2017-01-20 19:55 - 2013-09-06 01:09 - 50551716 _____ C:\WINDOWS\SysWOW64\Lenovo Yoga 2 Pro.scr
2017-01-20 19:55 - 2012-06-14 01:10 - 00102376 _____ ("CyberLink) C:\WINDOWS\system32\Drivers\wsvd.sys
2017-01-20 19:54 - 2017-02-12 19:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10
2017-01-20 19:54 - 2017-02-12 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software
2017-01-20 19:54 - 2017-01-20 19:55 - 00000000 ____D C:\ProgramData\Temp
2017-01-20 19:54 - 2017-01-20 19:54 - 00000000 ____D C:\Program Files\CyberLink
2017-01-20 19:54 - 2017-01-20 19:54 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2017-01-20 19:54 - 2017-01-20 19:54 - 00000000 ____D C:\Program Files (x86)\Absolute Software
2017-01-20 19:53 - 2017-01-20 19:53 - 00002547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2017-01-20 19:53 - 2017-01-20 19:53 - 00000000 ____D C:\ProgramData\Nitro
2017-01-20 19:53 - 2017-01-20 19:53 - 00000000 ____D C:\Program Files\Common Files\Nitro
2017-01-20 19:53 - 2017-01-20 19:53 - 00000000 ____D C:\Program Files (x86)\Nitro
2017-01-20 19:53 - 2013-06-28 23:35 - 00029704 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalmon2.dll
2017-01-20 19:53 - 2013-06-28 23:35 - 00017928 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalui2.dll
2017-01-20 19:52 - 2017-02-12 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo App Shop
2017-01-20 19:52 - 2017-02-12 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-01-20 19:52 - 2017-02-12 18:59 - 00000000 ____D C:\ProgramData\McAfee
2017-01-20 19:52 - 2017-02-12 18:59 - 00000000 ____D C:\ProgramData\Lenovo
2017-01-20 19:52 - 2017-02-12 18:59 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-01-20 19:51 - 2017-02-14 21:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-20 19:50 - 2017-01-20 19:50 - 00000000 ____D C:\ProgramData\Intel® Update Manager
2017-01-20 19:49 - 2017-01-20 19:49 - 00016098 _____ C:\WINDOWS\system32\results.xml
2017-01-20 19:46 - 2017-01-20 19:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2017-01-20 19:46 - 2017-01-20 19:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2017-01-20 19:46 - 2017-01-20 19:46 - 00000000 ____D C:\WINDOWS\system32\Drivers\Win64
2017-01-20 19:46 - 2013-09-18 09:57 - 00020344 _____ C:\WINDOWS\system32\Drivers\ibtfltcoex_wp8.cat
2017-01-20 19:45 - 2013-07-20 00:58 - 08247640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2017-01-20 19:45 - 2013-07-20 00:58 - 06340312 _____ (Realtek semiconductor) C:\WINDOWS\RTFTrack.exe
2017-01-20 19:45 - 2013-07-20 00:58 - 02628312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2017-01-20 19:45 - 2013-07-20 00:58 - 01157563 _____ C:\WINDOWS\FTDataP.xml
2017-01-20 19:45 - 2013-07-20 00:58 - 00946032 _____ C:\WINDOWS\FTData.xml
2017-01-20 19:45 - 2013-07-20 00:58 - 00817241 _____ C:\WINDOWS\FTDataR1.xml
2017-01-20 19:45 - 2013-07-20 00:58 - 00817191 _____ C:\WINDOWS\FTDataR0.xml
2017-01-20 19:45 - 2013-07-20 00:58 - 00473304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll
2017-01-20 19:45 - 2013-07-20 00:58 - 00421080 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2017-01-20 19:43 - 2017-02-12 18:59 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-01-20 19:43 - 2017-01-20 19:50 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-20 19:43 - 2017-01-20 19:43 - 00000000 ____D C:\ProgramData\Intel.sav
2017-01-20 19:43 - 2017-01-20 19:43 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-01-20 19:43 - 2017-01-20 19:43 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-01-20 19:42 - 2017-02-12 19:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-01-20 19:42 - 2017-02-12 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-01-20 19:42 - 2017-02-12 19:00 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2017-01-20 19:42 - 2017-02-12 18:59 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-01-20 19:42 - 2017-01-20 19:42 - 00863592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-01-20 19:42 - 2016-07-14 05:34 - 00103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-01-20 19:42 - 2016-07-14 05:34 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-01-20 19:41 - 2017-02-12 19:08 - 00000000 ___HD C:\Intel
2017-01-20 19:41 - 2017-02-12 18:59 - 00000000 ____D C:\Program Files\Intel
2017-01-20 19:41 - 2017-02-12 18:59 - 00000000 ____D C:\Program Files (x86)\Intel
2017-01-20 19:41 - 2017-01-20 19:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-20 19:41 - 2017-01-20 19:52 - 00000000 ____D C:\ProgramData\Intel
2017-01-20 19:41 - 2017-01-20 19:45 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-01-20 19:41 - 2017-01-20 19:42 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-01-20 19:41 - 2013-09-14 03:38 - 00646313 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-01-20 19:41 - 2013-09-14 02:54 - 03641688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-01-20 19:41 - 2013-09-14 02:44 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-01-20 19:41 - 2013-09-13 22:23 - 32882688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-01-20 19:41 - 2013-09-13 03:23 - 00149208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-01-20 19:41 - 2013-09-13 02:03 - 02586840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2017-01-20 19:41 - 2013-09-09 23:32 - 05681192 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2017-01-20 19:41 - 2013-09-03 22:49 - 14151936 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-01-20 19:41 - 2013-09-03 22:49 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-01-20 19:41 - 2013-09-03 22:49 - 02036992 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-01-20 19:41 - 2013-09-03 22:48 - 01921792 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2017-01-20 19:41 - 2013-09-03 22:47 - 01011968 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-01-20 19:41 - 2013-08-21 04:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-01-20 19:41 - 2013-08-15 00:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-01-20 19:41 - 2013-08-15 00:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-01-20 19:41 - 2013-08-09 12:25 - 00016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2017-01-20 19:41 - 2013-08-08 01:41 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-01-20 19:41 - 2013-08-06 17:47 - 00947248 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-01-20 19:41 - 2013-08-06 12:56 - 06219096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-01-20 19:41 - 2013-08-06 12:56 - 01908568 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-01-20 19:41 - 2013-08-06 12:56 - 00312152 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-01-20 19:41 - 2013-08-06 12:56 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-01-20 19:41 - 2013-08-06 02:11 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-01-20 19:41 - 2013-08-05 19:50 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2017-01-20 19:41 - 2013-08-03 04:16 - 01005784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-01-20 19:41 - 2013-07-26 22:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-01-20 19:41 - 2013-06-06 05:42 - 00208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-01-20 19:41 - 2013-04-25 01:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-01-20 19:41 - 2013-02-21 02:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-01-20 19:41 - 2012-11-14 19:41 - 00378000 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkGuiCompLib.dll
2017-01-20 19:41 - 2012-09-01 03:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-01-20 19:41 - 2012-09-01 03:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-01-20 19:41 - 2012-09-01 03:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-01-20 19:41 - 2012-09-01 03:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-01-20 19:41 - 2012-09-01 03:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-01-20 19:41 - 2012-03-08 19:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-01-20 19:41 - 2011-12-20 23:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-01-20 19:41 - 2011-11-23 00:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-01-20 19:41 - 2011-09-02 22:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-01-20 19:41 - 2011-09-02 22:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-01-20 19:41 - 2011-09-02 22:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-01-20 19:41 - 2011-05-31 17:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-01-20 19:41 - 2010-11-08 15:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-01-20 19:41 - 2010-11-08 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-01-20 19:41 - 2010-11-08 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-01-20 19:41 - 2010-11-08 15:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-01-20 19:41 - 2010-11-08 15:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-01-20 19:41 - 2010-11-08 15:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-01-20 19:41 - 2010-11-04 02:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-01-20 19:41 - 2010-09-27 17:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-01-20 19:41 - 2010-07-23 00:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-01-20 19:41 - 2009-11-24 17:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-01-20 19:41 - 2009-11-24 17:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-01-20 19:41 - 2009-11-24 17:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-01-20 19:41 - 2009-11-24 17:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-01-20 19:40 - 2017-01-20 19:49 - 00000011 _____ C:\WINDOWS\system32\lendrvchk.scp
2017-01-20 19:40 - 2017-01-20 19:40 - 00000042 _____ C:\WINDOWS\SysWOW64\Drivers\17AA_Lenovo_Ideapad_Yoga_2_Pro_20266.MRK

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 21:28 - 2016-11-20 18:47 - 00971228 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-14 21:21 - 2016-11-20 18:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-14 21:20 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-14 21:13 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-14 21:13 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-14 21:07 - 2016-11-20 18:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-14 21:06 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-14 21:05 - 2016-11-20 18:37 - 00342544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-13 21:55 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-13 21:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-13 21:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-02-13 21:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-13 21:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-02-13 21:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-13 21:55 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-13 21:55 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-13 21:55 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-13 21:55 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-13 21:55 - 2016-07-16 06:04 - 00000000 ____D C:\WINDOWS\servicing
2017-02-13 21:53 - 2016-11-20 18:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 21:32 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-13 21:10 - 2016-07-16 11:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-02-13 19:34 - 2016-11-20 18:12 - 00000000 ____D C:\WINDOWS\OCR
2017-02-13 19:27 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-13 19:17 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-13 19:06 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-13 19:04 - 2016-07-16 11:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-13 18:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\appcompat
2017-02-13 02:56 - 2016-07-16 11:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-02-12 19:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-12 19:02 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-02-12 19:02 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Registration
2017-02-12 19:01 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-02-12 19:00 - 2016-07-16 11:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-12 18:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-12 18:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-02-12 18:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\InputMethod
2017-02-12 18:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-02-12 18:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-02-12 18:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2017-02-12 18:59 - 2013-08-22 13:36 - 00000000 ____D C:\Users\Default.migrated
2017-02-12 18:48 - 2013-08-22 15:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-01-20 19:55 - 2013-02-17 18:48 - 00035600 _____ (Lenovo Corporation) C:\WINDOWS\system32\Drivers\AcpiVpc.sys
2017-01-20 19:55 - 2012-02-21 13:48 - 02356592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll

==================== Files in the root of some directories =======

2017-01-23 08:46 - 2017-02-12 21:40 - 0002938 _____ () C:\Users\Lenovo\AppData\Roaming\AbsoluteReminder.xml
2017-02-12 19:05 - 2017-02-12 19:05 - 0076976 _____ () C:\Users\Lenovo\AppData\Roaming\LoJackSetup.exe
2017-02-12 18:57 - 2017-02-12 18:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-13 21:26

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by Lenovo (14-02-2017 21:32:06)
Running from C:\Users\Lenovo\Downloads
Windows 10 Home Version 1607 (X64) (2017-02-12 19:03:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4249691880-2520817991-3015222207-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4249691880-2520817991-3015222207-503 - Limited - Disabled)
Guest (S-1-5-21-4249691880-2520817991-3015222207-501 - Limited - Disabled)
Lenovo (S-1-5-21-4249691880-2520817991-3015222207-1001 - Administrator - Enabled) => C:\Users\Lenovo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.1.38 - Lenovo)
Energy Manager (x32 Version: 1.0.1.38 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
Intel® Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4474 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{e1172fd4-a6d9-4cfa-8256-268f728fec31}) (Version: 16.5.3 - Intel Corporation)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8211 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{2269F0D5-DE47-4313-9003-BB6357919314}) (Version: 8.5.5.7 - Nitro)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.8.1.14 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
ReminderInstaller (HKLM-x32\...\InstallShield_{48B99BC9-CEB0-485E-96B1-4609BC86D2DE}) (Version: 1.00.0000 - Absolute Software.)
ReminderInstaller (x32 Version: 1.00.0000 - Absolute Software.) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4249691880-2520817991-3015222207-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4249691880-2520817991-3015222207-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {117B06A5-9E28-4B04-B06A-5A09A34DAE14} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {12E3D8D1-5DE8-4667-B1BB-4F550728CE96} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2013-09-04] (Absolute Software)
Task: {21C06683-7012-489A-8F37-6834C4887CEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-13] (Google Inc.)
Task: {2AACF427-F538-464F-88CB-72F1F112E920} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation)
Task: {5297399A-012C-4668-AB40-C73DD7F764F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-13] (Google Inc.)
Task: {5DB43D4A-BD78-402D-BE3E-75586EA2F0E8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03] (Synaptics Incorporated)
Task: {612EE754-9056-4C04-8308-A5FCECA99D9B} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-04] (Intel Corporation)
Task: {6212FF8D-DE53-49AC-9E2D-C6357A4D3F9C} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {6FFAB8BA-FD73-442E-94B3-03E4D3261293} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {781F0B82-0702-4242-B7FA-82B6E6A83C9A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\WSCStub.exe [2016-11-12] (Symantec Corporation)
Task: {805BE3D3-FCD5-49E0-B98F-0CBF15263BDE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {A8B53929-26E0-4936-9886-826AE53D9F85} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-13] (Microsoft Corporation)
Task: {ACB714B9-7565-46E4-897E-4A7EC0C06668} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {BD6B3462-85A7-4554-96B9-3C049948D368} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2017-01-20] (Lenovo)
Task: {C39EBD57-0785-4118-81AF-E4467C5A58F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {F7814950-2C66-4B85-8593-0E0BF4775E66} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-11-12] (Symantec Corporation)
Task: {F88FE000-BC6D-4DF9-8CF8-B6C877938588} - \WPD\SqmUpload_S-1-5-21-4249691880-2520817991-3015222207-1001 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-13 21:26 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-20 19:54 - 2012-04-25 02:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-01-20 19:55 - 2017-01-20 19:55 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2017-02-13 21:26 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-02-13 19:21 - 2017-02-13 19:21 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-13 19:01 - 2017-02-13 19:02 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-13 19:01 - 2017-02-13 19:02 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-13 19:01 - 2017-02-13 19:02 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-13 19:01 - 2017-02-13 19:02 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-11-20 18:11 - 2016-11-20 18:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-13 21:25 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-13 21:25 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-13 21:25 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-13 21:25 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-13 21:25 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-02-13 21:25 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-13 21:25 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-08-30 05:56 - 2013-08-30 05:56 - 02435392 _____ () C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
2017-01-20 19:41 - 2013-08-09 12:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4249691880-2520817991-3015222207-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{EE7E7A30-BFCB-4EB1-B944-78D255946EED}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3D7DEB9D-7342-4DE7-86EE-9470ABC3EB99}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BBE2F81A-AA3D-401B-9D2C-33CEE211FDD7}] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{8A6EA2B1-4BAD-4E94-87E1-00C27E5DE90C}] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{2BB3D557-4ED7-4BD2-903B-C5AAA02E6730}] => C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{D89D1761-0C81-4C9D-BDA6-FB30CBEFF95E}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{73A9CB54-A15C-487B-9A99-75646124F449}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{97F0D4DB-A1CD-4381-B358-2DED6C6ED4B9}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C5968F72-064A-4D69-9591-47797249449F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{238675D3-D26D-46C6-880C-9A848607A47B}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FE331442-8BA1-4404-BA07-7B75B26484C8}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3F728602-A2C7-46A2-AF7C-225F3049D28A}C:\users\lenovo\appdata\roaming\spotify\spotify.exe] => C:\users\lenovo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{80A1C015-34F6-4C30-B5EE-235183B2F71A}C:\users\lenovo\appdata\roaming\spotify\spotify.exe] => C:\users\lenovo\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2017 09:32:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/13/2017 07:29:21 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {92AA067E-3502-4818-8954-CF79DBD9D05B}

Error: (02/13/2017 07:29:09 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {8CF0946B-ADF4-4342-8062-E2E976E1950E}

Error: (02/12/2017 07:05:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/12/2017 07:01:11 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./ROOT/DEFAULT namespace does not exist. The query will be ignored.

Error: (02/12/2017 07:01:11 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./ROOT/DEFAULT namespace does not exist. The query will be ignored.

Error: (02/12/2017 07:01:11 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./ROOT/DEFAULT namespace does not exist. The query will be ignored.

Error: (02/12/2017 07:01:11 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./ROOT/DEFAULT namespace does not exist. The query will be ignored.

Error: (02/12/2017 07:01:11 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./ROOT/DEFAULT namespace does not exist. The query will be ignored.

Error: (02/12/2017 07:01:11 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./ROOT/DEFAULT namespace does not exist. The query will be ignored.

System errors:
=============
Error: (02/14/2017 09:24:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/14/2017 09:21:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 09:21:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 09:20:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/14/2017 09:20:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/14/2017 09:20:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/14/2017 09:20:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/14/2017 09:20:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (02/14/2017 09:20:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 35%
Total physical RAM: 8104.27 MB
Available physical RAM: 5264.7 MB
Total Virtual: 10024.27 MB
Available Virtual: 7078.57 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:93.27 GB) (Free:51.65 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:0.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FBA1E6A4)

Partition: GPT.

==================== End of Addition.txt ============================

#4
RKinner

Posted 14 February 2017 - 10:40 PM

Malware Expert

Expert
24,625 posts

ADWCleaner says it took out Trovi and I don't see it in your FRST logs. Are you still seeing it?

#5
Kerrzo

Posted 15 February 2017 - 01:56 PM

New Member

Topic Starter
Member
9 posts

No, looks like its gone. Just wanted to be sure and send you the logs.

Thanks for your help. Apologies as I'm new but is there a way to mark this as solved/credit you?

#6
Kerrzo

Posted 15 February 2017 - 02:36 PM

New Member

Topic Starter
Member
9 posts

My apologies RKinner. I was using my computer this evening and after about an hour or so after closing my google chrome and reopening it the trovi website has popped up again. Any idea on the next steps??

FYI I performed no downloads and had switched on my Norton antivirus protection again.

#7
RKinner

Posted 16 February 2017 - 07:26 AM

Malware Expert

Expert
24,625 posts

Run FRST but don't press SCAN. Instead put

trovi

in the Search: box and click on Search Files. If it finds anything, copy and paste the result.

Repeat but this time click on Search Registry

#8
Kerrzo

Posted 16 February 2017 - 01:37 PM

New Member

Topic Starter
Member
9 posts

Tried both and I haven't been able to find anything

Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02

Ran by Lenovo (16-02-2017 19:31:37)

Running from C:\Users\Lenovo\Downloads

Boot Mode: Normal

================== Search Files: "trovi" =============

====== End of Search ======

Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02

Ran by Lenovo (16-02-2017 19:34:42)

Running from C:\Users\Lenovo\Downloads

Boot Mode: Normal

================== Search Registry: "trovi" ===========

====== End of Search ======

#9
RKinner

Posted 16 February 2017 - 02:39 PM

Malware Expert

Expert
24,625 posts

No sign of trovi. If you run adwcleaner again does it detect trovi?

Perhaps it's just an ad that is popping up. Go to

adblockplus.org

with your brownser (Chrome, Firefox or IE) and get the extension (it's a full program for IE)

#10
Kerrzo

Posted 18 February 2017 - 04:13 AM

New Member

Topic Starter
Member
9 posts

Sorry for the late response, RKinner. Ran AdwCleaner found something and removed it report #1 . Turned on my antivirus opened google chrome and downloaded AdBlock Plus extension. Close the browser and reopened it, trovi appeared again. Ran AdwCleaner a 2nd time see report #2. Looks like the same issue? Any other ideas where this could be coming from?

Report #1

# AdwCleaner v6.043 - Logfile created 18/02/2017 at 09:52:01

# Updated on 27/01/2017 by Malwarebytes

# Database : 2017-02-13.1 [Local]

# Operating System : Windows 10 Home (X64)

# Username : Lenovo - LENOVO-PC

# Running from : C:\Users\Lenovo\Downloads\AdwCleaner (1).exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3329900&octid=EB_ORIGINAL_CTID&ISID=ME466DDDE-5CC9-4099-BF99-C43794827C46&SearchSource=55&CUI=&UM=2&UP=SPDF1230A4-C7ED-45E8-9FB9-FA94EE46617F&SSPV=

*************************

:: "Tracing" keys deleted

:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1482 Bytes] - [14/02/2017 21:20:12]

C:\AdwCleaner\AdwCleaner[C2].txt - [1099 Bytes] - [18/02/2017 09:52:01]

C:\AdwCleaner\AdwCleaner[S0].txt - [1530 Bytes] - [14/02/2017 21:19:10]

C:\AdwCleaner\AdwCleaner[S1].txt - [1463 Bytes] - [18/02/2017 09:51:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1318 Bytes] ##########

Report #2

# AdwCleaner v6.043 - Logfile created 18/02/2017 at 10:08:19

# Updated on 27/01/2017 by Malwarebytes

# Database : 2017-02-13.1 [Local]

# Operating System : Windows 10 Home (X64)

# Username : Lenovo - LENOVO-PC

# Running from : C:\Users\Lenovo\Downloads\AdwCleaner (2).exe

# Mode: Clean

# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted

:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1482 Bytes] - [14/02/2017 21:20:12]

C:\AdwCleaner\AdwCleaner[C2].txt - [1397 Bytes] - [18/02/2017 09:52:01]

C:\AdwCleaner\AdwCleaner[C3].txt - [1172 Bytes] - [18/02/2017 10:08:19]

C:\AdwCleaner\AdwCleaner[S0].txt - [1530 Bytes] - [14/02/2017 21:19:10]

C:\AdwCleaner\AdwCleaner[S1].txt - [1463 Bytes] - [18/02/2017 09:51:15]

C:\AdwCleaner\AdwCleaner[S2].txt - [1609 Bytes] - [18/02/2017 10:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1464 Bytes] ##########

#11
RKinner

Posted 18 February 2017 - 10:02 PM

Malware Expert

Expert
24,625 posts

There is some chatter on the web that Trovi is installed by Lenovo so one of your existing programs could be giving it to you.

Let's try MBAM:

https://www.malwarebytes.com/

We want the Free version (which includes a 14 day trial of the paid version)

Download and Save: mb3-setup.exe

Right click on it and Run As Admin.

Once you get the program up and running you can just click on Scan Now. It will take a few minutes to complete.

If it finds anything it will allow you to choose what to delete.

#12
Kerrzo

Posted 19 February 2017 - 09:54 AM

New Member

Topic Starter
Member
9 posts

Ran the software looks like its still coming from Lenovo App data. Quarantined the item found in this report and restarted the computer. Trovi still boots up :/

Report

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 2/19/17

Scan Time: 3:37 PM

Logfile: MBAM Report - 19-02-2017.txt

Administrator: Yes

-Software Information-

Version: 3.0.6.1469

Components Version: 1.0.50

Update Package Version: 1.0.1299

License: Trial

-System Information-

OS: Windows 10

CPU: x64

File System: NTFS

User: Lenovo-PC\Lenovo

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 380543

Time Elapsed: 1 min, 39 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 0

(No malicious items detected)

File: 1

PUP.Optional.Trovi, C:\USERS\LENOVO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SECURE PREFERENCES, Replaced, [6573], [302972],1.0.1299

Physical Sector: 0

(No malicious items detected)

(end)

#13
RKinner

Posted 19 February 2017 - 10:48 AM

Malware Expert

Expert
24,625 posts

Your user name appears to be Lenovo so it doesn't necessarily mean that trovi comes from them. That being said there are several posts that claim trovi is foisted by Lenovo on their PCs.

Let's see if we can figure out which program is reinstalling trovi.

In Chrome click on the three horizontal line icon in the upper right then on Settings then on Extensions. Uncheck the Enabled Box for each extension.

Click on Settings

Under On Startup change it to Open the New Tab page.

then then under Search Engines, click on Default and set it to Google. Click on Manage Search Engines and delete all other search engines (there is an x that will appear when you select a search engine that will allow you to remove it.) Done.

Then close Chrome.

Run ADWCleaner to remove Trovi. Restart Chrome. Does it come back? If not, reboot and then restart Chrome and see if it comes back. If it stays away then one of the extensions is dirty even tho they appear to be good. Go back and enable half and repeat and see if one of the ones you enabled is the problem. Try to isolate it down to a single extension.

If that doesn't help then

Search for

msconfig

hit Enter.

This should bring up a new System Configuration window. Click on Startup. Uncheck all boxes. Apply Click on Services. Click on Hide Microsoft Services then uncheck all that remain. OK. Do not reboot yet. Close all browsers. Run ADVCleaner and remove trovi. Now reboot. Run adwcleaner and see if trovi is back. Open Chrome and see if it comes back.

If it comes back then we can't blame any of the programs we unchecked so go back into msconfig and recheck them. If it doesn't come back then go back in to msconfig and check about half of the entries you unchecked. Try to locate the sourece of the problem.

By the way, Lenovo says that Lenovo Transitions is not Win 10 capatible and should be removed. See:

https://support.leno...utions/ht103611

In fact there is a long list of programs on that page that should be uninstalled before upgrading.

If all else fails follow Gringo's instructions to reset Chrome on

http://www.geekstogo...-2#entry2441832

#14
Kerrzo

Posted 19 February 2017 - 04:54 PM

New Member

Topic Starter
Member
9 posts

In Chrome click on the three horizontal line icon in the upper right then on Settings then on Extensions. Uncheck the Enabled Box for each extension.

Click on Settings

Under On Startup change it to Open the New Tab page.

Then close Chrome.

Run ADWCleaner to remove Trovi. Restart Chrome.

Carried out the above and ran AdwCleaner, wasn't able to find anything. Reopened chrome and no Trovi loading. Ran MBAM aswell and nothing found either. Lastly reenabled all addins and restarted; it appears that the issue is fixed and Trovi no longer is hijacking my browser.

Will test again tomorrow and see if the issue is 100% sorted. Will keep you posted.

#15
RKinner

Posted 19 February 2017 - 09:16 PM

Malware Expert

Expert
24,625 posts

Hopefully that is it.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: Trovi

Security → Virus, Spyware, Malware Removal → Virus - www-searcher.com,Trovi, AnyProtect, SearchProtect, SystemNotif Started by izzipop , 17 Aug 2015 www-searching.com, AnyProtect and 5 more...	5 replies 5,560 views	BrianDrab 24 Aug 2015
Security → Virus, Spyware, Malware Removal → Comodo, File Angels, Java Outdated Has Security Risks. Google Chrome H Started by Quiqzal , 25 Oct 2014 Google, COMODO, Jave, File Angels and 3 more...	13 replies 4,535 views	Essexboy 06 Nov 2014
Security → Virus, Spyware, Malware Removal → Trovi/Pop Ups [Solved] Started by Jay-Logic , 16 Sep 2014 trovi, pop-ups 1 2	Hot 20 replies 8,658 views	gringo_pr 07 Oct 2014
Security → Virus, Spyware, Malware Removal → Possible malware/spyware infection - Trovi/RegCure Pro? [Closed] Started by trubrecht , 05 Aug 2014 malware, trovi, regcurepro 1 2	Hot 17 replies 9,566 views	Essexboy 15 Aug 2014
Security → Virus, Spyware, Malware Removal → Trovi search engine removed, now my browsers are slow and I can't Started by pkcesar , 11 Jul 2014 Trovi, malware, removal	2 replies 3,090 views	JSntgRvr 23 Aug 2014