
Trojan:Win32/Kovter still present even after OS reinstall!

Trojan survives OS reinstall

  • This topic is locked
15 replies to this topic

#1 JT1


Posted 09 May 2016 - 12:20 PM

Greetings,
 
Here is some background to what I am experiencing:
 
I have a Lenovo ThinkCentre A70z (0401) Desktop All-in-one PC originally running Windows 7 Pro 32-bit. The problem first surfaced when MSE detected and blocked:
 
trojan:win32/peals.E!cl
Items: 
file:C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ASP2XW7H\FlashPlayer[1].exe
 
So, I scanned with MBAM, AdwCleaner, JRT, and Trend Micro Housecall (logs included below for AdwCleaner and JRT; MBAM and HouseCall found nothing).
 
The machine appeared to be clean, so, I proceeded with the free upgrade to Windows 10 (thinking that would help too). After the upgrade, Windows Defender detected and blocked:
 
TrojanDownloader:PowerShell/Fapax.A
Items: 
file:C:\Users\JT\AppData\Local\Microsoft\Windows\INetCache\Low\IE\AACPBN3E\Internet_ExplorerPatch[1].hta
 
 
Therefore, I decided an OS reinstall would be quicker than continuing to troubleshoot the malware problem and would ensure that the malware would be gone. So, I effected an OS reinstall using the recovery discs I had created with the Lenovo Factory Recovery Disks tool, and, after completing the Windows 7 reinstall and installing the initial Windows updates, I completed the OS reinstall using the free upgrade to Windows 10. However, after the OS reinstall, Windows Defender detected and blocked:
 
Trojan:Win32/Kovter
Items:
C:\Users\JT\AppData\Local\Microsoft\Windows\NetCache\Low\IE\IW6537RI\FlashPlayer[1].exe
 
Next, it occurred to me that I probably should have zeroed out the HDD before I did the OS reinstall. The HDD is an Intel series 530 SSD, so, I used Active KillDisk for Linux v. 10.0.1012 to erase all data on the disk. After which, I did another OS reinstall as I described above. Again, after the OS reinstall, Windows Defender detected and blocked:
 
Trojan:Win32/Kovter
Items:
C:\Users\JT\AppData\Local\Temp\3F97.tmp
 
It seemed each time MSE or Windows Defender detected an issue, a fake "update Adobe Flash Player" would pop up.
 
I also one time observed a "silverlight was blocked because it is out of date and needs to be updated" which I thought was suspicious.
 
Where can this Trojan possibly be hiding? I am out of ideas! Please help!
 
Below are the AdwCleaner and JRT logs I promised above:
 
AdwCleaner log:
 
# AdwCleaner v5.113 - Logfile created 25/04/2016 at 12:49:05
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 10 Pro  (X86)
# Username : JT - JT-THINK
# Running from : C:\Users\JT\Documents\Malware Removal Tools\adwcleaner_5.113.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Viewpoint
[#] Folder Deleted : C:\ProgramData\Application Data\Viewpoint
[-] Folder Deleted : C:\Program Files\Viewpoint
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\MetaStream
[-] Key Deleted : HKLM\SOFTWARE\Viewpoint
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1581 bytes] - [25/04/2016 12:49:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [1566 bytes] - [25/04/2016 12:46:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1727 bytes] ##########
 
 
 
JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 10 Pro x86 
Ran by JT (Administrator) on Mon 04/25/2016 at 12:59:30.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job (Task) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2F2AD73C-443C-40B1-AC84-A65D568AB177} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/25/2016 at 13:09:02.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Thanks,
 
JT
 

Edit: Please read the Instructions and post the requested logs (MBAM, FRST, Security Analysis). We need the information in order to help you.


Edited by Rocket Grannie, 09 May 2016 - 04:57 PM.


#2 SWI Support Robot


Posted 12 May 2016 - 12:35 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 JT1


Posted 12 May 2016 - 01:28 AM

Greetings,

Here are the logs as you requested:

MBAM log:


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/12/2016
Scan Time: 1:48 AM
Logfile: MBAM-log_05-12-16.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.12.02
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x86
File System: NTFS
User: JT
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260870
Time Elapsed: 7 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
FRST logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2016
Ran by JT (administrator) on JT-THINK (12-05-2016 02:03:27)
Running from C:\Users\JT\Desktop
Loaded Profiles: JT (Available Profiles: JT)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
() C:\Windows\System32\spdsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1461953896\ee\aolsoftware.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.2\waol.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.2\shellmon.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [69632 2010-07-27] (Primax Electronics Ltd.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [Power Manager Power Agenda] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-10-16] ()
HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1461953896\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] ()
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.8.2\AOL.EXE [73584 2015-12-15] (AOL Inc.)
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-04-29]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07b1fe26-8859-41cb-a702-4251b9c01382}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com/
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM -> DefaultScope {2F2AD73C-443C-40B1-AC84-A65D568AB177} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {2F2AD73C-443C-40B1-AC84-A65D568AB177} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2437397390-83434516-1202361525-1000 -> DefaultScope {2F2AD73C-443C-40B1-AC84-A65D568AB177} URL = 
SearchScopes: HKU\S-1-5-21-2437397390-83434516-1202361525-1000 -> {2F2AD73C-443C-40B1-AC84-A65D568AB177} URL = 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-01-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-01-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-15] [not signed]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [184320 2010-04-22] () [File not signed]
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe [463552 2015-03-10] (Samsung Electronics Co., Ltd.)
R2 Samsung Printer Dianostics Service; C:\WINDOWS\system32\\spdsvc.exe [498488 2016-05-01] ()
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-08-27] (Lenovo Group Limited) [File not signed]
S2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63.sys [6811648 2015-10-30] (Broadcom Corporation)
R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [19456 2015-12-16] (TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [27648 2015-12-22] (TPMX Electronics Ltd.)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2015-10-30] (Realtek                                            )
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2014-05-07] (Samsung Electronics) [File not signed]
R1 vrvd5; C:\WINDOWS\system32\DRIVERS\vrvd5.sys [11296 2016-04-29] (Rsupport Corporation)
R3 wanatw; C:\WINDOWS\System32\drivers\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssasnt.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-12 02:03 - 2016-05-12 02:03 - 00012020 _____ C:\Users\JT\Desktop\FRST.txt
2016-05-12 02:02 - 2016-05-12 02:03 - 00000000 ____D C:\FRST
2016-05-12 01:59 - 2016-05-12 02:02 - 01732096 _____ (Farbar) C:\Users\JT\Desktop\FRST.exe
2016-05-12 01:57 - 2016-05-12 01:57 - 00001047 _____ C:\Users\JT\Documents\MBAM-log_05-12-16.txt
2016-05-10 11:21 - 2016-05-10 11:21 - 00000000 ____D C:\Users\JT\AppData\LocalLow\Adobe
2016-05-10 10:50 - 2016-05-10 10:50 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-02 11:13 - 2016-05-02 11:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-04-30 15:04 - 2016-04-30 15:05 - 00476584 _____ (Symantec Corporation) C:\Users\JT\Desktop\FixToolKotver32.exe
2016-04-29 17:37 - 2016-05-01 09:38 - 00498488 ____N C:\WINDOWS\system32\spdsvc.exe
2016-04-29 17:37 - 2016-04-29 17:37 - 02078208 ____N C:\WINDOWS\system32\DlgSearchEngine.dll
2016-04-29 17:37 - 2015-12-04 10:03 - 00017831 ____N C:\WINDOWS\system32\spddata.xml
2016-04-29 17:36 - 2016-04-29 17:37 - 00000000 ____D C:\Users\JT\AppData\Roaming\Samsung
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Users\JT\AppData\Local\Samsung
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdateInstaller
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdate
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\Common Files\Scan Process Machine
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2016-04-29 17:36 - 2015-03-10 09:03 - 00311488 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\NetFaxPort.dll
2016-04-29 17:36 - 2015-03-10 08:58 - 00474112 _____ (Samsung Software Center) C:\WINDOWS\prinst.exe
2016-04-29 17:35 - 2016-04-29 17:37 - 00002315 _____ C:\Users\Public\Desktop\Samsung Printer Diagnostics.lnk
2016-04-29 17:35 - 2016-04-29 17:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-04-29 17:35 - 2015-09-02 04:45 - 01545216 _____ C:\WINDOWS\system32\eed_ec.dll
2016-04-29 17:35 - 2015-09-02 04:45 - 00688920 _____ (Samsung Electronics) C:\WINDOWS\system32\eed_sl.exe
2016-04-29 17:35 - 2015-08-20 04:53 - 00125248 _____ C:\WINDOWS\Wiainst.exe
2016-04-29 17:35 - 2015-03-18 10:09 - 00158040 _____ (SS) C:\WINDOWS\system32\ssm1mci.exe
2016-04-29 17:35 - 2015-03-18 10:09 - 00065536 _____ (SS) C:\WINDOWS\system32\ssm1mci.dll
2016-04-29 17:35 - 2015-03-18 10:09 - 00018432 _____ () C:\WINDOWS\system32\ssm1mlm.dll
2016-04-29 17:35 - 2015-03-18 10:09 - 00000273 _____ C:\WINDOWS\system32\eed_sl.exe.config
2016-04-29 17:35 - 2012-08-05 10:19 - 00185710 ____N C:\WINDOWS\ssm1mLTR.prn
2016-04-29 17:35 - 2012-08-05 10:19 - 00185710 ____N C:\WINDOWS\SCX3400LTR.prn
2016-04-29 17:35 - 2012-08-05 10:19 - 00173079 ____N C:\WINDOWS\ssm1mA4.prn
2016-04-29 17:35 - 2012-08-05 10:19 - 00173079 ____N C:\WINDOWS\SCX3400A4.prn
2016-04-29 17:35 - 2011-03-21 03:35 - 00049152 _____ (Samsung Electronics) C:\WINDOWS\system32\Ssusbpn.dll
2016-04-29 17:35 - 2011-03-18 00:49 - 00274432 _____ C:\WINDOWS\system32\SaMinDrv.dll
2016-04-29 17:35 - 2011-03-18 00:49 - 00106496 _____ C:\WINDOWS\system32\SaImgFlt.dll
2016-04-29 17:35 - 2011-03-18 00:49 - 00061440 _____ C:\WINDOWS\system32\SaErHdlr.dll
2016-04-29 17:34 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\Samsung
2016-04-29 17:34 - 2015-08-20 04:54 - 00094208 ____N C:\WINDOWS\system32\ssdevm.dll
2016-04-29 17:31 - 2016-04-29 17:31 - 04357416 _____ C:\Users\JT\Downloads\SamsungPrinterInstaller.exe
2016-04-29 17:28 - 2016-04-29 17:49 - 00000000 ____D C:\Users\Public\Documents\RSupport
2016-04-29 17:28 - 2016-04-29 17:49 - 00000000 ____D C:\Program Files\Rsupport
2016-04-29 17:28 - 2016-04-29 17:28 - 00054048 _____ (Rsupport Corporation) C:\WINDOWS\system32\vrvd5.dll
2016-04-29 17:28 - 2016-04-29 17:28 - 00011296 _____ (Rsupport Corporation) C:\WINDOWS\system32\Drivers\vrvd5.sys
2016-04-29 14:12 - 2016-05-12 01:48 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 14:12 - 2016-04-29 14:12 - 00001140 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-29 14:12 - 2016-04-29 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-29 14:12 - 2016-04-29 14:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-29 14:12 - 2016-04-29 14:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-04-29 14:12 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-29 14:12 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-29 14:12 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-29 14:11 - 2016-04-29 14:11 - 22851472 _____ (Malwarebytes ) C:\Users\JT\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-29 13:55 - 2016-04-29 13:55 - 00001193 _____ C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
2016-04-29 13:55 - 2016-04-29 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
2016-04-29 13:55 - 2016-04-29 13:55 - 00000000 ____D C:\Program Files\Nitro PDF
2016-04-29 13:55 - 2015-09-01 08:41 - 00180624 _____ C:\WINDOWS\system32\Primomonnt.dll
2016-04-29 13:50 - 2016-04-29 13:54 - 07274960 _____ C:\Users\JT\Downloads\InternationalPrimoPDF.exe
2016-04-29 13:20 - 2016-04-29 13:20 - 00000000 ____D C:\Users\JT\AppData\Local\CEF
2016-04-29 13:19 - 2016-04-29 13:19 - 00001081 _____ C:\Users\Public\Desktop\AOL Desktop.lnk
2016-04-29 13:19 - 2016-04-29 13:19 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop.lnk
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\Users\Public\Documents\AOL Downloads
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\Users\JT\AppData\Roaming\AOL
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\ProgramData\Viewpoint
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\ProgramData\Macromedia
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\Program Files\Viewpoint
2016-04-29 13:19 - 2016-04-29 13:15 - 00058696 _____ (AOL Inc.) C:\WINDOWS\system32\AOLParconLink.exe
2016-04-29 13:18 - 2016-04-29 13:20 - 00000000 ____D C:\Program Files\AOL Desktop 9.8.2
2016-04-29 13:18 - 2016-04-29 13:19 - 00000000 ____D C:\Users\JT\AppData\Local\AOL
2016-04-29 13:18 - 2016-04-29 13:19 - 00000000 ____D C:\ProgramData\AOL
2016-04-29 13:18 - 2016-04-29 13:19 - 00000000 ____D C:\Program Files\Common Files\aolshare
2016-04-29 13:18 - 2016-04-29 13:19 - 00000000 ____D C:\Program Files\Common Files\AOL
2016-04-29 13:18 - 2016-04-29 13:18 - 00000000 ____D C:\ProgramData\AOL OCP
2016-04-29 13:18 - 2016-04-29 13:18 - 00000000 ____D C:\Program Files\AOL
2016-04-29 13:18 - 2006-11-29 17:24 - 00033588 _____ (America Online, Inc.) C:\WINDOWS\system32\Drivers\wanatw4.sys
2016-04-29 13:14 - 2016-04-29 13:14 - 00000335 _____ C:\WINDOWS\nsreg.dat
2016-04-29 13:14 - 2016-04-29 13:14 - 00000000 ____D C:\ProgramData\AOL Downloads
2016-04-29 12:25 - 2016-05-12 01:12 - 00000000 ____D C:\Users\JT\AppData\Local\MicrosoftEdge
2016-04-29 12:24 - 2016-04-29 12:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-29 12:24 - 2016-04-29 12:24 - 00002105 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-04-29 12:24 - 2016-04-29 12:24 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-29 12:24 - 2016-04-29 12:24 - 00000000 ____D C:\Program Files\Adobe
2016-04-29 12:17 - 2016-04-29 12:17 - 00000000 ____D C:\Users\JT\AppData\Roaming\Oracle
2016-04-29 12:17 - 2016-04-29 12:17 - 00000000 ____D C:\Program Files\Common Files\Java
2016-04-29 12:16 - 2016-04-29 12:17 - 00000000 ____D C:\ProgramData\Oracle
2016-04-29 12:16 - 2016-04-29 12:16 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\Users\JT\AppData\Roaming\Sun
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\Users\JT\AppData\LocalLow\Sun
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\Users\JT\.oracle_jre_usage
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\Program Files\Java
2016-04-29 12:15 - 2016-04-29 12:15 - 00000000 ____D C:\Users\JT\AppData\LocalLow\Oracle
2016-04-29 12:13 - 2016-05-10 11:21 - 00000000 ____D C:\Users\JT\AppData\Local\Adobe
2016-04-29 12:11 - 2016-04-29 12:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-04-29 11:22 - 2016-04-29 11:22 - 00000000 ____D C:\Users\JT\AppData\Local\PeerDistRepub
2016-04-29 11:08 - 2016-04-01 23:17 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-29 11:08 - 2016-04-01 22:20 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-29 11:08 - 2016-04-01 22:14 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-29 11:08 - 2016-04-01 22:12 - 01887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-29 11:08 - 2016-03-29 04:38 - 05797216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-29 11:08 - 2016-03-29 04:37 - 01862008 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-29 11:08 - 2016-03-29 02:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-29 11:08 - 2016-03-29 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-29 11:08 - 2016-03-29 01:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-29 11:08 - 2016-03-29 01:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-29 11:08 - 2016-03-29 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-29 11:08 - 2016-03-29 01:14 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-29 11:08 - 2016-03-29 01:05 - 01894912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-29 11:08 - 2016-03-29 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-29 11:08 - 2016-03-29 01:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-29 11:08 - 2016-03-29 01:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-29 11:08 - 2016-03-29 01:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-29 11:08 - 2016-03-29 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-29 11:08 - 2016-03-29 00:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

#4 JT1

Posted 12 May 2016 - 01:41 AM

It looks like my FRST and Security Analysis logs got cut off, so, here they are:

 

FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2016
Ran by JT (administrator) on JT-THINK (12-05-2016 02:03:27)
Running from C:\Users\JT\Desktop
Loaded Profiles: JT (Available Profiles: JT)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
() C:\Windows\System32\spdsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1461953896\ee\aolsoftware.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.2\waol.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.2\shellmon.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [69632 2010-07-27] (Primax Electronics Ltd.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [Power Manager Power Agenda] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-10-16] ()
HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1461953896\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] ()
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.8.2\AOL.EXE [73584 2015-12-15] (AOL Inc.)
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2016-04-29]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07b1fe26-8859-41cb-a702-4251b9c01382}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com/
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM -> DefaultScope {2F2AD73C-443C-40B1-AC84-A65D568AB177} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {2F2AD73C-443C-40B1-AC84-A65D568AB177} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2437397390-83434516-1202361525-1000 -> DefaultScope {2F2AD73C-443C-40B1-AC84-A65D568AB177} URL = 
SearchScopes: HKU\S-1-5-21-2437397390-83434516-1202361525-1000 -> {2F2AD73C-443C-40B1-AC84-A65D568AB177} URL = 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-01-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-01-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-15] [not signed]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [184320 2010-04-22] () [File not signed]
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe [463552 2015-03-10] (Samsung Electronics Co., Ltd.)
R2 Samsung Printer Dianostics Service; C:\WINDOWS\system32\\spdsvc.exe [498488 2016-05-01] ()
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-08-27] (Lenovo Group Limited) [File not signed]
S2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-03] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63.sys [6811648 2015-10-30] (Broadcom Corporation)
R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [19456 2015-12-16] (TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [27648 2015-12-22] (TPMX Electronics Ltd.)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2015-10-30] (Realtek                                            )
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2014-05-07] (Samsung Electronics) [File not signed]
R1 vrvd5; C:\WINDOWS\system32\DRIVERS\vrvd5.sys [11296 2016-04-29] (Rsupport Corporation)
R3 wanatw; C:\WINDOWS\System32\drivers\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssasnt.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-12 02:03 - 2016-05-12 02:03 - 00012020 _____ C:\Users\JT\Desktop\FRST.txt
2016-05-12 02:02 - 2016-05-12 02:03 - 00000000 ____D C:\FRST
2016-05-12 01:59 - 2016-05-12 02:02 - 01732096 _____ (Farbar) C:\Users\JT\Desktop\FRST.exe
2016-05-12 01:57 - 2016-05-12 01:57 - 00001047 _____ C:\Users\JT\Documents\MBAM-log_05-12-16.txt
2016-05-10 11:21 - 2016-05-10 11:21 - 00000000 ____D C:\Users\JT\AppData\LocalLow\Adobe
2016-05-10 10:50 - 2016-05-10 10:50 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-02 11:13 - 2016-05-02 11:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-04-30 15:04 - 2016-04-30 15:05 - 00476584 _____ (Symantec Corporation) C:\Users\JT\Desktop\FixToolKotver32.exe
2016-04-29 17:37 - 2016-05-01 09:38 - 00498488 ____N C:\WINDOWS\system32\spdsvc.exe
2016-04-29 17:37 - 2016-04-29 17:37 - 02078208 ____N C:\WINDOWS\system32\DlgSearchEngine.dll
2016-04-29 17:37 - 2015-12-04 10:03 - 00017831 ____N C:\WINDOWS\system32\spddata.xml
2016-04-29 17:36 - 2016-04-29 17:37 - 00000000 ____D C:\Users\JT\AppData\Roaming\Samsung
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Users\JT\AppData\Local\Samsung
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdateInstaller
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdate
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\Common Files\Scan Process Machine
2016-04-29 17:36 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent
2016-04-29 17:36 - 2015-03-10 09:03 - 00311488 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\NetFaxPort.dll
2016-04-29 17:36 - 2015-03-10 08:58 - 00474112 _____ (Samsung Software Center) C:\WINDOWS\prinst.exe
2016-04-29 17:35 - 2016-04-29 17:37 - 00002315 _____ C:\Users\Public\Desktop\Samsung Printer Diagnostics.lnk
2016-04-29 17:35 - 2016-04-29 17:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-04-29 17:35 - 2015-09-02 04:45 - 01545216 _____ C:\WINDOWS\system32\eed_ec.dll
2016-04-29 17:35 - 2015-09-02 04:45 - 00688920 _____ (Samsung Electronics) C:\WINDOWS\system32\eed_sl.exe
2016-04-29 17:35 - 2015-08-20 04:53 - 00125248 _____ C:\WINDOWS\Wiainst.exe
2016-04-29 17:35 - 2015-03-18 10:09 - 00158040 _____ (SS) C:\WINDOWS\system32\ssm1mci.exe
2016-04-29 17:35 - 2015-03-18 10:09 - 00065536 _____ (SS) C:\WINDOWS\system32\ssm1mci.dll
2016-04-29 17:35 - 2015-03-18 10:09 - 00018432 _____ () C:\WINDOWS\system32\ssm1mlm.dll
2016-04-29 17:35 - 2015-03-18 10:09 - 00000273 _____ C:\WINDOWS\system32\eed_sl.exe.config
2016-04-29 17:35 - 2012-08-05 10:19 - 00185710 ____N C:\WINDOWS\ssm1mLTR.prn
2016-04-29 17:35 - 2012-08-05 10:19 - 00185710 ____N C:\WINDOWS\SCX3400LTR.prn
2016-04-29 17:35 - 2012-08-05 10:19 - 00173079 ____N C:\WINDOWS\ssm1mA4.prn
2016-04-29 17:35 - 2012-08-05 10:19 - 00173079 ____N C:\WINDOWS\SCX3400A4.prn
2016-04-29 17:35 - 2011-03-21 03:35 - 00049152 _____ (Samsung Electronics) C:\WINDOWS\system32\Ssusbpn.dll
2016-04-29 17:35 - 2011-03-18 00:49 - 00274432 _____ C:\WINDOWS\system32\SaMinDrv.dll
2016-04-29 17:35 - 2011-03-18 00:49 - 00106496 _____ C:\WINDOWS\system32\SaImgFlt.dll
2016-04-29 17:35 - 2011-03-18 00:49 - 00061440 _____ C:\WINDOWS\system32\SaErHdlr.dll
2016-04-29 17:34 - 2016-04-29 17:36 - 00000000 ____D C:\Program Files\Samsung
2016-04-29 17:34 - 2015-08-20 04:54 - 00094208 ____N C:\WINDOWS\system32\ssdevm.dll
2016-04-29 17:31 - 2016-04-29 17:31 - 04357416 _____ C:\Users\JT\Downloads\SamsungPrinterInstaller.exe
2016-04-29 17:28 - 2016-04-29 17:49 - 00000000 ____D C:\Users\Public\Documents\RSupport
2016-04-29 17:28 - 2016-04-29 17:49 - 00000000 ____D C:\Program Files\Rsupport
2016-04-29 17:28 - 2016-04-29 17:28 - 00054048 _____ (Rsupport Corporation) C:\WINDOWS\system32\vrvd5.dll
2016-04-29 17:28 - 2016-04-29 17:28 - 00011296 _____ (Rsupport Corporation) C:\WINDOWS\system32\Drivers\vrvd5.sys
2016-04-29 14:12 - 2016-05-12 01:48 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 14:12 - 2016-04-29 14:12 - 00001140 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-29 14:12 - 2016-04-29 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-29 14:12 - 2016-04-29 14:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-29 14:12 - 2016-04-29 14:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-04-29 14:12 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-29 14:12 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-29 14:12 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-29 14:11 - 2016-04-29 14:11 - 22851472 _____ (Malwarebytes ) C:\Users\JT\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-29 13:55 - 2016-04-29 13:55 - 00001193 _____ C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
2016-04-29 13:55 - 2016-04-29 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
2016-04-29 13:55 - 2016-04-29 13:55 - 00000000 ____D C:\Program Files\Nitro PDF
2016-04-29 13:55 - 2015-09-01 08:41 - 00180624 _____ C:\WINDOWS\system32\Primomonnt.dll
2016-04-29 13:50 - 2016-04-29 13:54 - 07274960 _____ C:\Users\JT\Downloads\InternationalPrimoPDF.exe
2016-04-29 13:20 - 2016-04-29 13:20 - 00000000 ____D C:\Users\JT\AppData\Local\CEF
2016-04-29 13:19 - 2016-04-29 13:19 - 00001081 _____ C:\Users\Public\Desktop\AOL Desktop.lnk
2016-04-29 13:19 - 2016-04-29 13:19 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop.lnk
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\Users\Public\Documents\AOL Downloads
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\Users\JT\AppData\Roaming\AOL
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\ProgramData\Viewpoint
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\ProgramData\Macromedia
2016-04-29 13:19 - 2016-04-29 13:19 - 00000000 ____D C:\Program Files\Viewpoint
2016-04-29 13:19 - 2016-04-29 13:15 - 00058696 _____ (AOL Inc.) C:\WINDOWS\system32\AOLParconLink.exe
2016-04-29 13:18 - 2016-04-29 13:20 - 00000000 ____D C:\Program Files\AOL Desktop 9.8.2
2016-04-29 13:18 - 2016-04-29 13:19 - 00000000 ____D C:\Users\JT\AppData\Local\AOL
2016-04-29 13:18 - 2016-04-29 13:19 - 00000000 ____D C:\ProgramData\AOL
2016-04-29 13:18 - 2016-04-29 13:19 - 00000000 ____D C:\Program Files\Common Files\aolshare
2016-04-29 13:18 - 2016-04-29 13:19 - 00000000 ____D C:\Program Files\Common Files\AOL
2016-04-29 13:18 - 2016-04-29 13:18 - 00000000 ____D C:\ProgramData\AOL OCP
2016-04-29 13:18 - 2016-04-29 13:18 - 00000000 ____D C:\Program Files\AOL
2016-04-29 13:18 - 2006-11-29 17:24 - 00033588 _____ (America Online, Inc.) C:\WINDOWS\system32\Drivers\wanatw4.sys
2016-04-29 13:14 - 2016-04-29 13:14 - 00000335 _____ C:\WINDOWS\nsreg.dat
2016-04-29 13:14 - 2016-04-29 13:14 - 00000000 ____D C:\ProgramData\AOL Downloads
2016-04-29 12:25 - 2016-05-12 01:12 - 00000000 ____D C:\Users\JT\AppData\Local\MicrosoftEdge
2016-04-29 12:24 - 2016-04-29 12:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-29 12:24 - 2016-04-29 12:24 - 00002105 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-04-29 12:24 - 2016-04-29 12:24 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-29 12:24 - 2016-04-29 12:24 - 00000000 ____D C:\Program Files\Adobe
2016-04-29 12:17 - 2016-04-29 12:17 - 00000000 ____D C:\Users\JT\AppData\Roaming\Oracle
2016-04-29 12:17 - 2016-04-29 12:17 - 00000000 ____D C:\Program Files\Common Files\Java
2016-04-29 12:16 - 2016-04-29 12:17 - 00000000 ____D C:\ProgramData\Oracle
2016-04-29 12:16 - 2016-04-29 12:16 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\Users\JT\AppData\Roaming\Sun
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\Users\JT\AppData\LocalLow\Sun
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\Users\JT\.oracle_jre_usage
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-29 12:16 - 2016-04-29 12:16 - 00000000 ____D C:\Program Files\Java
2016-04-29 12:15 - 2016-04-29 12:15 - 00000000 ____D C:\Users\JT\AppData\LocalLow\Oracle
2016-04-29 12:13 - 2016-05-10 11:21 - 00000000 ____D C:\Users\JT\AppData\Local\Adobe
2016-04-29 12:11 - 2016-04-29 12:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-04-29 11:22 - 2016-04-29 11:22 - 00000000 ____D C:\Users\JT\AppData\Local\PeerDistRepub
2016-04-29 11:08 - 2016-04-01 23:17 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-29 11:08 - 2016-04-01 22:20 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-29 11:08 - 2016-04-01 22:14 - 03197440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-29 11:08 - 2016-04-01 22:12 - 01887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-29 11:08 - 2016-03-29 04:38 - 05797216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-29 11:08 - 2016-03-29 04:37 - 01862008 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-29 11:08 - 2016-03-29 02:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-29 11:08 - 2016-03-29 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-29 11:08 - 2016-03-29 01:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-29 11:08 - 2016-03-29 01:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-29 11:08 - 2016-03-29 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-29 11:08 - 2016-03-29 01:14 - 02975232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-29 11:08 - 2016-03-29 01:05 - 01894912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-29 11:08 - 2016-03-29 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-29 11:08 - 2016-03-29 01:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-29 11:08 - 2016-03-29 01:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-29 11:08 - 2016-03-29 01:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-29 11:08 - 2016-03-29 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-29 11:08 - 2016-03-29 00:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-29 11:08 - 2016-03-29 00:49 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-29 11:08 - 2016-03-29 00:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-29 11:08 - 2016-03-29 00:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-29 11:08 - 2016-03-29 00:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-29 11:08 - 2016-03-29 00:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-29 11:08 - 2016-03-01 00:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-04-29 11:08 - 2016-02-24 04:11 - 00599904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-29 11:08 - 2016-02-24 04:10 - 00959840 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-29 11:08 - 2016-02-24 04:03 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-29 11:08 - 2016-02-24 03:50 - 02885680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-04-29 11:08 - 2016-02-24 03:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-04-29 11:08 - 2016-02-24 02:35 - 01714016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-04-29 11:08 - 2016-02-24 02:35 - 00482656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-04-29 11:08 - 2016-02-24 00:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-04-29 11:08 - 2016-02-24 00:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-04-29 11:08 - 2016-02-23 05:33 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-29 11:08 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-04-29 11:08 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-04-29 11:08 - 2016-02-23 04:37 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-04-29 11:08 - 2016-02-23 04:37 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-04-29 11:08 - 2016-02-23 04:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-29 11:08 - 2016-02-23 04:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-29 11:08 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-04-29 11:08 - 2016-02-23 02:43 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-04-29 11:08 - 2016-02-23 02:42 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-04-29 11:08 - 2016-02-23 02:23 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-04-29 11:08 - 2016-02-23 02:16 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-04-29 11:08 - 2016-02-23 01:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-29 11:08 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-04-29 11:08 - 2016-02-23 01:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-04-29 11:08 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-04-29 11:07 - 2016-04-01 23:14 - 00757192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-29 11:07 - 2016-04-01 23:14 - 00613112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-29 11:07 - 2016-04-01 23:14 - 00305296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-29 11:07 - 2016-04-01 22:30 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-29 11:07 - 2016-04-01 22:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-29 11:07 - 2016-04-01 22:26 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-29 11:07 - 2016-04-01 22:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-29 11:07 - 2016-04-01 22:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-29 11:07 - 2016-04-01 22:22 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-29 11:07 - 2016-04-01 22:20 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-29 11:07 - 2016-04-01 22:17 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-29 11:07 - 2016-04-01 22:11 - 01524736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-29 11:07 - 2016-04-01 22:10 - 02871296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-29 11:07 - 2016-04-01 22:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-29 11:07 - 2016-04-01 22:05 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-29 11:07 - 2016-03-29 04:41 - 00875992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-29 11:07 - 2016-03-29 04:41 - 00771120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-29 11:07 - 2016-03-29 04:41 - 00228696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-29 11:07 - 2016-03-29 04:38 - 01051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-29 11:07 - 2016-03-29 04:38 - 00927072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-29 11:07 - 2016-03-29 04:36 - 01820512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-29 11:07 - 2016-03-29 04:33 - 00084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-29 11:07 - 2016-03-29 04:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-29 11:07 - 2016-03-29 04:21 - 00922456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-29 11:07 - 2016-03-29 04:20 - 00856928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-29 11:07 - 2016-03-29 04:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-29 11:07 - 2016-03-29 04:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-29 11:07 - 2016-03-29 03:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-29 11:07 - 2016-03-29 03:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-29 11:07 - 2016-03-29 03:41 - 00203104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-29 11:07 - 2016-03-29 03:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll

#5 nasdaq


Posted 12 May 2016 - 06:37 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
U3 idsvc; no ImagePath
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssasnt.sys [X]
U3 wpcsvc; no ImagePath


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

----
p.s.
Please post the content of the Addition.txt file that was created by the Farbar tool.
nasdaq

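The Fixlog.txt requested above can be triaged mechanically before it is posted. The following is an added example, not part of the original post and not FRST's own code: it splits a Fixlog into the echoed fixlist and the result lines, then flags `Error:` lines and service/driver entries that have no `=> ... successfully` result. The sample log is constructed (its service names are placeholders), and matching results to entries by service name is an assumption based on the log layout shown in this thread.

```python
import re

# Constructed sample, modelled on the layout of an FRST Fixlog.txt:
# header, the fixlist echoed between two rows of asterisks, then result lines.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by user (2016-05-12 12:58:15) Run:1
Boot Mode: Normal

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

U3 examplesvc; no ImagePath
S3 exampledrv; \??\C:\Example\exampledrv.sys [X]
U3 othersvc; no ImagePath

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
examplesvc => service removed successfully.
exampledrv => service removed successfully.
EmptyTemp: => 12.0 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 12:58:23 ====
"""

STAR_ROW = re.compile(r"^\*{5,}$")
# Service/driver entries look like "U3 idsvc; no ImagePath" (state letter, start type, name).
SERVICE_ENTRY = re.compile(r"^[RSU][0-5]\s+([^;]+);")
RESULT_LINE = re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<outcome>.+)$")


def split_fixlog(text):
    """Return (fixlist_entries, result_lines) from the text of a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if STAR_ROW.match(ln)]
    if len(stars) < 2:
        raise ValueError("fixlist block not found (expected two rows of asterisks)")
    fixlist = [ln for ln in lines[stars[0] + 1:stars[1]]
               if ln and ln not in ("Start", "End")]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("===="):  # "==== End of Fixlog ... ====" closes the log
            break
        if ln:
            results.append(ln)
    return fixlist, results


def audit_fixlog(text):
    """Summarise a Fixlog: errors, reboot flag, and per-service confirmation."""
    fixlist, results = split_fixlog(text)
    report = {"errors": [], "confirmed": [], "unconfirmed": [], "reboot_needed": False}
    outcomes = {}
    for ln in results:
        if ln.lower().startswith("error"):
            report["errors"].append(ln)
        elif "needed a reboot" in ln:
            report["reboot_needed"] = True
        else:
            m = RESULT_LINE.match(ln)
            if m:
                outcomes[m.group("target").rstrip(":").strip()] = m.group("outcome")
    for entry in fixlist:
        m = SERVICE_ENTRY.match(entry)
        if not m:
            continue  # directives and other entry types are not name-matched here
        name = m.group(1).strip()
        outcome = outcomes.get(name, "")
        # Assumption: a handled entry yields "<name> => ... successfully".
        if "successfully" in outcome.lower():
            report["confirmed"].append(name)
        else:
            report["unconfirmed"].append(name)
    return report


if __name__ == "__main__":
    for key, value in audit_fixlog(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

Anything listed under `errors` or `unconfirmed` is worth raising with the helper alongside the log, since a failed restore point means the fix ran without a rollback snapshot.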

#6 JT1


Posted 12 May 2016 - 12:58 PM

Hello nasdaq,
 
I ran the FRST Fix; here is the Fixlog file: 
 
FRST - Fixlog.txt:
 
Fix result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by JT (2016-05-12 12:58:15) Run:1
Running from C:\Users\JT\Desktop
Loaded Profiles: JT (Available Profiles: JT)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
U3 idsvc; no ImagePath
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssasnt.sys [X]
U3 wpcsvc; no ImagePath
 
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\Software\MozillaPlugins\@viewpoint.com/VMP" => key removed successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => moved successfully
idsvc => service removed successfully.
rssasnt => service removed successfully.
wpcsvc => service removed successfully.
EmptyTemp: => 205.5 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 12:58:23 ====
 
 
As you requested, here is the FRST Addition log: 
 
FRST - Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by JT (2016-05-12 02:03:50)
Running from C:\Users\JT\Desktop
Microsoft Windows 10 Pro Version 1511 (X86) (2016-04-29 00:21:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2437397390-83434516-1202361525-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2437397390-83434516-1202361525-503 - Limited - Disabled)
Guest (S-1-5-21-2437397390-83434516-1202361525-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2437397390-83434516-1202361525-1002 - Limited - Enabled)
JT (S-1-5-21-2437397390-83434516-1202361525-1000 - Administrator - Enabled) => C:\Users\JT
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - Lenovo)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Burn.Now 4.5 (Version: 4.5.0 - Corel Corporation) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.60 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.21 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version:  - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.06.60 (3/17/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.82.00(7/27/2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.11.28 (3/10/2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.4.7 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-3400 Series (HKLM\...\Samsung SCX-3400 Series) (Version: 1.29 (9/9/2015) - Samsung Electronics Co., Ltd.)
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0006 - Lenovo)
ThinkVantage Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.01.0065 - Lenovo Group Limited)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Windows Driver Package - Broadcom (BCM43XX) Net  (07/07/2009 5.30.21.0) (HKLM\...\414A4AAEF48D5CDBF7923BE3C0EEBEB6406B4EC5) (Version: 07/07/2009 5.30.21.0 - Broadcom)
Windows Driver Package - Intel Corporation (igfx) Display  (08/27/2009 8.15.10.1883) (HKLM\...\4CD59F1A6A7584922CDC8F5141764CAB77E8E9D4) (Version: 08/27/2009 8.15.10.1883 - Intel Corporation)
Windows Driver Package - Realtek (RTL8167) Net  (05/22/2009 7.003.0522.2009) (HKLM\...\10B8CB63C0B79896AC04A39182F9215B1589262F) (Version: 05/22/2009 7.003.0522.2009 - Realtek)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2437397390-83434516-1202361525-1000_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.8.2\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2437397390-83434516-1202361525-1000_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.8.2\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-2437397390-83434516-1202361525-1000_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.8.2\axtrack.dll (AOL Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09114900-243F-45AE-A1CB-E88DE469278D} - System32\Tasks\TVT\ChangePWD => C:\Program Files\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {0A9C5794-DDA7-433C-81F3-EAB70ED2EEE5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {0EDA5533-CBAD-4DC1-BC9F-ACCB5909CF2E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {10D044F9-1119-4B50-AC93-3C6EB1D1ADC7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {1A6E7958-FC19-4DC0-A15E-CE8F944501AE} - System32\Tasks\TVT\UpdateRnR => C:\Program Files\Common Files\Lenovo\Scheduler\tvtsetsched.exe [2009-08-28] ()
Task: {1B391962-E023-4979-8937-63BF567881DC} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-10-16] (Lenovo Group Limited)
Task: {22C3224D-13B8-4815-AB5B-DB97DC04CF3B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2010-11-11] (PC-Doctor, Inc.)
Task: {28CFE8AD-C810-4350-AAA0-E35F943915A0} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-11-11] ()
Task: {3A0B2681-36FE-4076-9338-27C15B6E56B9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {474BB762-CB1E-4E08-8370-0EBDD6F1F2DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4AE94991-B665-47C8-AC4E-35315F48346B} - System32\Tasks\TVT\LaunchRnR => C:\Program Files\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {4E007AD3-62A3-4962-A27E-F2E308879C7C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5138DC03-CBDD-4AA0-AD17-450FB354DF01} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {629F89C9-8962-4C59-8536-8BD9DDA9D969} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {77D05746-B6CC-4D6A-9750-6B603F74BE7C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7CF1A4FE-67BD-4123-B4FB-57AA6EDA972A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7D7F6194-1DD3-4D26-9E8B-0A66DACC3604} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {81BDCFE6-0830-4EDB-8DD7-108A1A9D4AFD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8383AFDD-06A9-402A-9076-C9AE47AD2CBE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-05-10] (Adobe Systems Incorporated)
Task: {A2880394-E02C-4FB2-8C95-1B92CC2F2213} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AEA9F5A7-13DA-4088-925F-A75E356F6BAC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {B2910450-7DDE-4118-AE67-04E128535866} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B906A927-445B-40E4-8586-CE0623E02988} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BEB3C7FA-E515-4A7C-A883-F39269E29AA2} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2010-11-11] (PC-Doctor, Inc.)
Task: {C37EAC79-22FA-45B2-8F1E-D291EC7640F3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CAD3BC04-96AE-47A7-89A7-5AC2B275E8EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CB153A2A-7BD9-412D-B911-8412E3F38192} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE8572D2-85E4-4300-8FD3-6F117DC85D7E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D60CE8DC-B33D-4E25-B7BE-035401F88712} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E989A844-6E2B-417C-8CCE-7DA0D70A46C9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB1906B6-A7E2-4476-8BA7-463217FA1154} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EDF0C8F9-0B35-464F-8724-0D380ABECD25} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-29 13:55 - 2015-09-01 08:41 - 00180624 _____ () C:\WINDOWS\System32\Primomonnt.dll
2016-02-15 21:02 - 2016-02-15 21:02 - 00027160 _____ () C:\WINDOWS\System32\us008lm.dll
2016-04-29 17:35 - 2015-03-18 10:09 - 00018432 _____ () C:\WINDOWS\System32\ssm1mlm.dll
2011-01-14 23:42 - 2010-04-22 01:04 - 00184320 _____ () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
2016-04-29 17:37 - 2016-05-01 09:38 - 00498488 ____N () C:\WINDOWS\system32\spdsvc.exe
2016-04-29 17:37 - 2016-04-29 17:37 - 02078208 ____N () C:\WINDOWS\system32\DlgSearchEngine.dll
2015-10-30 00:44 - 2015-10-30 00:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-29 11:08 - 2016-03-29 04:37 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-29 11:08 - 2016-03-29 04:37 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-28 19:24 - 2016-04-28 19:24 - 00679624 _____ () C:\Users\JT\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-02-13 06:57 - 2016-02-13 06:57 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-29 11:07 - 2016-04-01 22:26 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-29 11:06 - 2016-04-01 22:09 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-29 11:06 - 2016-04-01 22:03 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-29 11:08 - 2016-04-01 22:03 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-29 11:08 - 2016-04-01 22:07 - 02657280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2011-01-14 23:45 - 2009-09-21 12:01 - 00028672 _____ () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2011-01-14 23:42 - 2008-11-20 03:27 - 00020480 _____ () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
2009-05-28 01:09 - 2009-05-28 01:09 - 00049976 _____ () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2011-01-14 23:42 - 2010-06-01 03:41 - 00155648 _____ () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
2014-09-08 13:30 - 2014-09-08 13:30 - 00351968 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:32 - 2014-09-08 13:32 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 00048640 _____ () C:\Program Files\AOL Desktop 9.8.2\zlib.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 21151232 _____ () C:\Program Files\AOL Desktop 9.8.2\libcef.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 00648704 _____ () C:\Program Files\AOL Desktop 9.8.2\libglesv2.dll
2015-12-15 11:14 - 2015-12-15 11:14 - 00122880 _____ () C:\Program Files\AOL Desktop 9.8.2\libegl.dll
2016-04-29 11:19 - 2016-04-29 11:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-29 11:19 - 2016-04-29 11:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-29 11:19 - 2016-04-29 11:19 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2437397390-83434516-1202361525-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Think\Think_Blue.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{35416BEA-9B8D-4D32-AAD6-C90969DA772A}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{EBB862F5-023D-4ED4-8E79-0EF5B9AB73C0}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3509DD4D-BC1B-4182-9692-F6A0571C07B0}] => (Allow) LPort=1900
FirewallRules: [{B34969B4-0160-405E-B89B-3C1B070332DA}] => (Allow) LPort=2869
FirewallRules: [{6C953980-30CF-4081-B7F5-E6EB73A1121F}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{07015FC2-24C7-451A-A58A-8F8EB2C2FA37}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{36B5B428-279D-4C49-AB84-13F913113F40}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{2218C753-7121-4166-8B9D-7F879C88D7B0}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{C65CADD7-8A82-4493-8936-B5A7DEFCE4BD}] => (Allow) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{897F124D-7E7C-4325-9D3D-F84F6D98518E}] => (Allow) C:\Program Files\Common Files\AOL\1461953896\ee\aolsoftware.exe
FirewallRules: [{A0706DCB-BDE2-4768-AC23-28A7188B9676}] => (Allow) C:\Program Files\Common Files\AOL\1461953896\ee\aolsoftware.exe
FirewallRules: [{8A57D3A1-5A8B-4721-B4D6-D0B096BC66A1}] => (Allow) C:\Program Files\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{67C9C597-70F3-421E-A9B2-227AA6001EC6}] => (Allow) C:\Program Files\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{1239F162-4238-4345-9403-1210E6BA9859}] => (Allow) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{E3316A1B-9D16-4399-A235-2B6CB531E7DE}] => (Allow) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{0C2FA850-BBCC-4E53-A436-DDA0F7B7102A}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{46330AF3-4BEB-4650-81D4-F552C9267957}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{5F23341D-EA9D-45C4-A628-48CB81E9790A}] => (Allow) C:\Program Files\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{4FEE69BE-C544-4EEC-846F-6A2C5D265D2C}] => (Allow) C:\Program Files\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{D7B3E9A9-0D5E-459C-BBCA-FC941685B55D}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{3571C308-0635-4B8E-8F40-92BE9DB2B070}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{907B6BB5-FCC4-4886-B667-49F148172A35}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{46005D2A-AEA7-4CB3-8276-39293E9C25EE}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{E23665FE-8C1E-4CEE-ABB2-5D31EBFD4A7C}] => (Allow) C:\Program Files\Samsung\Network PC Fax\drv\NetFaxMon64.exe
FirewallRules: [{E1EEFFF9-592E-4B70-BA01-0C87DD3B264B}] => (Allow) C:\Program Files\Samsung\Network PC Fax\drv\NetFaxMon.exe
FirewallRules: [{248BB9CE-F750-487A-9181-079B43873C49}] => (Allow) C:\WINDOWS\system32\spool\drivers\W32X86\3\NetFaxMon.exe
FirewallRules: [{7B962DC1-EFE7-449F-85B8-40D18213EBC1}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{C12FF95E-5603-43A5-9B60-CD9F61697A49}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{A1CD6F41-4ECB-42C6-8030-444D615F9D0D}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{B64D5674-B588-4BFB-B1F4-879E446018EF}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{1CED7C26-5DD6-483A-9B18-0CAA27FD2290}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{E9C732A3-02F1-4619-84D0-42383CFECDE2}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{B9215859-35AB-419B-863F-8E1162695F02}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/10/2016 11:00:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.10586.20, time stamp: 0x56541caa
Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd40d3
Exception code: 0xe06d7363
Fault offset: 0x000d2d82
Faulting process id: 0x1e30
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (05/02/2016 08:18:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program waol.exe version 9.8.2.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 72c
 
Start Time: 01d1a473585cab59
 
Termination Time: 16
 
Application Path: C:\Program Files\AOL Desktop 9.8.2\waol.exe
 
Report Id: 678d64b3-1068-11e6-9db6-f80f41097fa0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/02/2016 08:05:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program waol.exe version 9.8.2.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 230
 
Start Time: 01d1a47182acac82
 
Termination Time: 15
 
Application Path: C:\Program Files\AOL Desktop 9.8.2\waol.exe
 
Report Id: 903cdfe8-1066-11e6-9db6-f80f41097fa0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/29/2016 05:49:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rcengmgru.exe, version: 5.0.1.24, time stamp: 0x511e0adf
Faulting module name: MFC42u.DLL, version: 6.6.8063.0, time stamp: 0x5632d42c
Exception code: 0xc0000005
Fault offset: 0x0002a783
Faulting process id: 0x1758
Faulting application start time: 0xrcengmgru.exe0
Faulting application path: rcengmgru.exe1
Faulting module path: rcengmgru.exe2
Report Id: rcengmgru.exe3
Faulting package full name: rcengmgru.exe4
Faulting package-relative application ID: rcengmgru.exe5
 
Error: (04/29/2016 02:00:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d73f
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1470
Exception code: 0xc0000602
Fault offset: 0x0025088c
Faulting process id: 0x14c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (04/29/2016 02:00:54 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (332) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: 0(:0): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
 
Error: (04/29/2016 11:35:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JT-THINK)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/29/2016 11:24:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JT-THINK)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/29/2016 11:20:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JT-THINK)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/29/2016 11:13:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JT-THINK)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (05/10/2016 05:12:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_56e8436 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/10/2016 10:53:08 AM) (Source: DCOM) (EventID: 10016) (User: JT-THINK)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JT-THINKJTS-1-5-21-2437397390-83434516-1202361525-1000LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795
 
Error: (05/09/2016 06:29:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4a8d6af service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/03/2016 03:33:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4025ce5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/02/2016 06:37:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2616634 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/02/2016 12:00:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TVT Backup Service service to connect.
 
Error: (05/02/2016 08:00:38 AM) (Source: DCOM) (EventID: 10016) (User: JT-THINK)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JT-THINKJTS-1-5-21-2437397390-83434516-1202361525-1000LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795
 
Error: (04/30/2016 03:14:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1261f13 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/30/2016 12:15:23 PM) (Source: DCOM) (EventID: 10016) (User: JT-THINK)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JT-THINKJTS-1-5-21-2437397390-83434516-1202361525-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (04/30/2016 10:51:15 AM) (Source: DCOM) (EventID: 10016) (User: JT-THINK)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}JT-THINKJTS-1-5-21-2437397390-83434516-1202361525-1000LocalHost (Using LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795
 
 
CodeIntegrity:
===================================
  Date: 2016-05-12 01:59:46.755
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-12 01:59:46.747
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-12 01:59:46.737
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-12 01:14:58.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-10 11:43:36.295
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 11:43:36.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 11:43:36.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 11:43:36.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 11:32:36.262
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 11:32:36.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 46%
Total physical RAM: 2941.24 MB
Available physical RAM: 1577.9 MB
Total Virtual: 5885.24 MB
Available Virtual: 4332.93 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:156.3 GB) (Free:125.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.76 GB) (Free:4.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: 69EDC533)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
Regarding your question, what problem persists with this computer? None actually. Please reference my original post. I became concerned when shortly after zeroing out the HDD and doing a second OS reinstall, Windows Defender detected and blocked:
 
Trojan:Win32/Kovter
Items:
C:\Users\JT\AppData\Local\Temp\3F97.tmp
 
So, it appeared to me that the Trojan had survived the reinstall. Windows Defender did detect and quarantine the one file and that was the last indication I have had of any threat. The computer is actually running quite good. What are your thoughts?
 
Thanks.
 
Regards,
 
JT
 
 
 


#7 JT1


Posted 17 May 2016 - 11:51 AM

Hello nasdaq,

 

Just checking to see that you have not forgotten about me.

 

Thanks,

 

JT



#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,201 posts

Posted 18 May 2016 - 05:56 AM

Sorry I missed your post.

The computer is running good.

Have you had any problem since your last post?

Your addition log is clean.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 JT1


Posted 19 May 2016 - 11:58 AM

Hello nasdaq,
 
I had not noticed any problems. However, today something strange did happen. I was on my Yahoo Mail page in IE 11 and suddenly the page went blank and a gobbledygook URL appeared in the address bar. I did not wait for the page to load and I hit the back button which took me back to my Yahoo Mail page. I guess it is possible I inadvertently clicked on something, but I do not think that I did.
 
Anyway, since my machine appears to be clean, I guess all I can do is watch and see what happens. Do you have any other suggestions? Are you familiar with the Malwarebytes Anti-Exploit program and do you think I could benefit by installing it?
 
Thanks much for your help!
 
Regards,
 
JT


#10 nasdaq


Posted 20 May 2016 - 05:20 AM

Run this one and we will take it from there.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===
nasdaq


#11 JT1


Posted 20 May 2016 - 11:37 AM

Hello nasdaq,

 

Here is the MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/20/2016
Scan Time: 11:17 AM
Logfile: MBAM-log_05-20-16.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.20.06
Rootkit Database: v2016.05.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x86
File System: NTFS
User: JT
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260678
Time Elapsed: 6 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 nasdaq


Posted 21 May 2016 - 05:29 AM

Now install Malwarebytes Anti-Exploit

https://www.malwareb...rg/antiexploit/
nasdaq


#13 JT1


Posted 23 May 2016 - 12:22 AM

Hello nasdaq,

 

I have installed the Malwarebytes Anti-Exploit program. Do you have any other suggestions?

 

Thanks.

 

Regards,

 

JT



#14 nasdaq


Posted 23 May 2016 - 05:39 AM

You still have some remnant items in the registry that were not removed with the re-installation of the Operating system.

Execute the instructions on this page.
http://www.bleepingc...e-kovter-trojan

At any time if you need help please let me know before proceeding.

How is the computer running now?
nasdaq


#15 JT1


Posted 24 May 2016 - 04:38 PM

Hello nasdaq,
 
I executed the instructions in the "How to remove the Kovter Trojan (Removal Guide)" from Bleeping Computer. Here are the results:
 
RKill log:
 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html
 
Program started at: 05/23/2016 05:32:11 PM in x86 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * b06bdrv [Missing Service]
 * ebdrv [Missing Service]
 * iaLPSSi_GPIO [Missing Service]
 * iaLPSSi_I2C [Missing Service]
 * ibbus [Missing Service]
 * ksthunk [Missing Service]
 * mlx4_bus [Missing Service]
 * ndfltr [Missing Service]
 * PerfHost [Missing Service]
 * vpci [Missing Service]
 * WinMad [Missing Service]
 * WinVerbs [Missing Service]
 
 * NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [Incorrect ImagePath]
 
 * PrintNotify => C:\Windows\system32\spool\drivers\W32X86\3\PrintConfig.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/23/2016 05:32:23 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
 

 

 
 
In the RKill log under "Checking Windows Service Integrity", there are several "Missing Services." Is this anything to be concerned about?
 
Next, I ran the Symantec Kovter Removal Tool. When the removal tool finished scanning, it displayed the following prompt:

 


FixTool32
Trojan.Kovter has not been found on your computer

 
 
FixTool32.log:

 

Start Trojan.Kotver check...
 
 
I then ran the ESET free online scanner. Here are the scan results:

 


ESET Online Scanner
No threats found.

 
 

ESET Scan log:
 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
Update InitUpdate DownloadUpdate FinalizeUpdated modules version: 29567
 
 
 

My computer seems to be running fine and I have not noticed any issues for a few days. Since my machine appears to be clean, I guess all I can do is watch and see what happens. Now it is just a matter of being confident that I am malware free. Do you have any other suggestions?
 
Thanks much for your help!
 
Regards,
 
JT
 
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 
5/26/16
 

UPDATE! - Today, I was on my Yahoo Mail page in IE 11 and when I clicked on a message to open it, suddenly the page went blank and a SmartScreen Filter warning ("Are you trying to visit this site?") opened and the following URL appeared in the address bar:
 
hxxps://thooblists-n-profits.com/9551092396710/40096a251941eb0d7be6a4fea1695a3a.html
 
I quickly copied the URL which made the SmartScreen Filter warning disappear before I could respond to it, so, I hit the back button which took me back to my Yahoo Mail page. A bit of a setback in building my confidence. Suggestions???





 


 


Edited by TheJoker, 30 May 2016 - 11:01 PM.
malicious link edited


#16 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,430 posts

Posted 14 April 2017 - 10:19 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"



