
Lenovo imbeds and Adware need removal



#1 auklet


Posted 22 August 2015 - 02:19 PM

I have found malware and adware on a brand new computer from Lenovo and wish to keep the computer use to a minimum until I can ferret out the rest.  The next three paragraphs are optional reading but probably helpful.  Your specifications for what you are looking for from me are summarized after the next three paragraphs.
 
---------------------------------------------------------------------------------------------------------------------------
 
In the rural U.S., I was forced to buy a Lenovo laptop (indicating a February 2015 manufacturing date) with its sullied reputation or have nothing else at the time of receiving short notice for departure for overseas from the U.S. I was very disappointed to have no alternative choice for the computer specifications I needed. My first priority when turning on the laptop was to find the evils. I relied solely on my Malwarebytes Premium to detect and eliminate, which it did on first run with 6 or 7 entries for Visual Discovery and the PUP Optional.Winsock.Hijack. Visual Discovery is the source for SuperFish and other malware. I do not trust anything in this computer coming from Lenovo, especially with its heavy load of --at this time-- unopened bloatware.
 
I am relatively green with computers and applications for finding and eliminating malware and adware.   However subsequent to the above cited findings, I uncovered the name Visual Discovery (an original source for malware and adware) with the use of AdwCleaner which had 50+ entries of findings of what I suspect is adware, and they were cleaned by AdwCleaner.  I had little exposure to the internet except for downloading Malwarebytes. I do use Chrome browser which is an invasive tracker of my internet travel and supplier of "selective, intrusive ads."
 
I have eliminated much Lenovo supplied bloatware that would not be useful for me. There is more bloatware that remains on my computer that appears to be potentially useful for me including Lenovo generated ones "to help my use of the computer."  There is nothing I can find on any of them, even with the use of Should I Remove It. Lenovo at its site does not acknowledge these programs exist. Some appear to be helpful if they are not contaminated. For now I don't trust.
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
I have been experiencing on a recently bought Lenovo Flex 2 14 laptop manufactured Feb 2015 with i7 intel processor, win 8.1, using Chrome browser an annoying abundance of adware and pop-ups. Ads are planted within the text I am reading.  Pop-ups are less regular but a daily nuisance.  
 
With exposure from expert guidance on the forum Am I Infected, I have used and kept log/info results from the following: CCleaner; Malwarebytes non-premium; AdwCleaner; Junk Removal Tool; and ESET. Included in the text below and in the attachment are results from FRST.
 
Before coming to Bleeping, I had deleted much Lenovo bloatware the first day of operating the laptop. Before arriving at Bleeping I was running on the first day of operating the laptop Microsoft's Defender and running Malwarebytes Premium. The former never found anything, and the latter found 6 or 7 entries on the first run after I downloaded it and before I had time on the internet with the new laptop. Two were the PUP Optional.Winsock.Hijack and the remaining were Visual Discovery. Some few days later, I uncovered the name Visual Discovery (an original source for malware and adware) with the use of AdwCleaner which had 50+ entries of findings of what I suspect is adware, and they were cleaned by AdwCleaner.
 
I still have undeleted and unopened bloatware I would consider trying. Can malware/adware be found in software that has not been run yet? Is Chrome a noted transgressor of privacy and planting paid-for advertising in my otherwise text I am reading such that I have to leap over the ads that are interrupting the reading?
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015 03
Ran by Admin 18 Aug 2015 (administrator) on CPUOAF0101P (22-08-2015 11:15:48)
Running from C:\Users\CPUOA User\Downloads
Loaded Profiles: CPUOA User & Admin 18 Aug 2015 (Available Profiles: CPUOA User & Admin 18 Aug 2015)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2808560 2014-08-07] (Synaptics Incorporated)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-02-23] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-02-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2015-02-23] (Lenovo(beijing) Limited)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKU\S-1-5-21-3330058123-2019430083-2832955609-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3330058123-2019430083-2832955609-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3330058123-2019430083-2832955609-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-3330058123-2019430083-2832955609-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3330058123-2019430083-2832955609-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3330058123-2019430083-2832955609-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 200.107.10.105
Tcpip\..\Interfaces\{25A23817-B02E-4630-8797-6C81A1049349}: [DhcpNameServer] 200.107.10.105
Tcpip\..\Interfaces\{E54BD572-122C-4282-AAC6-153B261DA584}: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-13] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-22]
CHR Extension: (Google Docs) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-22]
CHR Extension: (Google Drive) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-22]
CHR Extension: (YouTube) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-22]
CHR Extension: (Google Search) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-22]
CHR Extension: (Google Sheets) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-22]
CHR Extension: (Gmail) - C:\Users\Admin 18 Aug 2015\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
S2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-02-23] (Lenovo(beijing) Limited)
S2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2015-02-23] (Lenovo)
S2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-08-09] (Maxthon)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
S2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-07] (PointGrab LTD)
S2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-02-23] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2015-02-23] (Lenovo)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-08-07] (Synaptics Incorporated)
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-02-23] (Lenovo)
S2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2015-02-23] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-12-24] (Atheros) [File not signed]
S2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [111336 2014-04-17] (GenesysLogic)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-07] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-22 11:15 - 2015-08-22 11:16 - 00013557 _____ C:\Users\CPUOA User\Downloads\FRST.txt
2015-08-22 11:12 - 2015-08-22 11:15 - 00000000 ____D C:\FRST
2015-08-22 11:10 - 2015-08-22 11:10 - 02173952 _____ (Farbar) C:\Users\CPUOA User\Downloads\FRST64.exe
2015-08-22 08:02 - 2015-08-22 08:02 - 00257024 _____ (Intel® Corporation) C:\Users\Admin 18 Aug 2015\Downloads\ChipUtil.exe
2015-08-22 07:54 - 2015-08-22 08:09 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Local\CrashDumps
2015-08-22 07:49 - 2015-08-22 07:49 - 00257024 _____ (Intel® Corporation) C:\Users\CPUOA User\Downloads\ChipUtil.exe
2015-08-21 16:32 - 2015-08-21 16:32 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-21 16:14 - 2015-08-21 16:14 - 00001116 _____ C:\Users\Admin 18 Aug 2015\Desktop\JRT.txt
2015-08-21 16:02 - 2015-08-21 16:40 - 02870984 _____ (ESET) C:\Users\CPUOA User\Downloads\esetsmartinstaller_enu.exe
2015-08-21 14:59 - 2015-08-21 14:59 - 01798576 _____ (Malwarebytes Corporation) C:\Users\CPUOA User\Downloads\JRT.exe
2015-08-21 13:37 - 2015-08-21 13:37 - 01605632 _____ C:\Users\CPUOA User\Downloads\AdwCleaner.exe
2015-08-21 13:19 - 2015-08-21 13:25 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-21 13:17 - 2015-08-21 13:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-21 13:17 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-21 13:17 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-21 13:17 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-21 12:07 - 2015-08-21 12:08 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\CPUOA User\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-21 12:00 - 2015-08-22 11:07 - 00000000 ____D C:\Users\CPUOA User\Desktop\bleeping cleaning sweep
2015-08-20 16:33 - 2015-08-20 16:33 - 00000000 ____D C:\Users\CPUOA User\Documents\Bleeping computer
2015-08-20 08:45 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2015-08-20 08:45 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2015-08-19 21:36 - 2015-08-19 21:36 - 00001238 _____ C:\windows\SysWOW64\ServiceConfig.xml
2015-08-19 02:11 - 2015-08-19 02:13 - 00004684 _____ C:\Users\Admin 18 Aug 2015\Desktop\AdwCleaner[S2].txt
2015-08-19 01:17 - 2015-08-21 14:44 - 00000000 ____D C:\AdwCleaner
2015-08-19 00:53 - 2015-08-19 00:53 - 01585664 _____ C:\Users\CPUOA User\Downloads\adwcleaner_5.002.exe
2015-08-18 22:53 - 2015-08-18 22:53 - 00000000 ____D C:\Users\CPUOA User\AppData\Roaming\Nitro
2015-08-18 22:53 - 2015-08-18 22:53 - 00000000 ____D C:\Users\CPUOA User\AppData\Roaming\FileOpen
2015-08-18 22:53 - 2015-08-18 22:53 - 00000000 ____D C:\ProgramData\FileOpen
2015-08-18 20:54 - 2015-08-21 14:45 - 00007994 _____ C:\windows\PFRO.log
2015-08-18 20:54 - 2015-08-21 14:45 - 00000696 _____ C:\windows\setupact.log
2015-08-18 20:54 - 2015-08-18 20:54 - 00000000 _____ C:\windows\setuperr.log
2015-08-18 20:52 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-18 20:52 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-18 20:10 - 2015-08-18 20:10 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\CyberLink
2015-08-18 19:39 - 2015-08-18 19:39 - 00002820 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-08-18 19:39 - 2015-08-18 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-18 19:39 - 2015-08-18 19:39 - 00000000 ____D C:\Program Files\CCleaner
2015-08-18 19:31 - 2015-08-18 19:35 - 06609608 _____ (Piriform Ltd) C:\Users\CPUOA User\Downloads\ccsetup508 (1).exe
2015-08-18 19:24 - 2015-08-18 19:24 - 00000000 _____ C:\windows\system32\SBRC.dat
2015-08-18 19:21 - 2015-08-21 10:52 - 00000768 _____ C:\Users\CPUOA User\Desktop\U.S. & World Econ.txt
2015-08-18 19:20 - 2015-08-18 19:20 - 00000000 _____ C:\Users\CPUOA User\Desktop\CNBC text.txt
2015-08-18 18:28 - 2015-08-18 18:28 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\IsolatedStorage
2015-08-18 17:03 - 2015-08-21 13:18 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\4B773B73.sys
2015-08-18 15:11 - 2015-08-18 15:11 - 06557296 _____ (ThreatTrack Security, Inc) C:\Users\CPUOA User\Downloads\setup-vipre-internet-security-en-us.exe
2015-08-18 14:21 - 2015-08-18 14:21 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Local\VS Revo Group
2015-08-18 13:47 - 2015-08-18 13:47 - 00000000 _____ C:\Users\Admin 18 Aug 2015\agent.log
2015-08-18 13:32 - 2015-08-18 13:32 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Local\GWX
2015-08-18 13:20 - 2015-08-22 08:03 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3330058123-2019430083-2832955609-1004
2015-08-18 13:17 - 2015-08-18 13:17 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Local\Lenovo
2015-08-18 13:16 - 2015-08-18 13:16 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Roaming\Intel Corporation
2015-08-18 13:15 - 2015-08-18 13:15 - 00000000 ____D C:\Users\Admin 18 Aug 2015\Documents\Bluetooth Folder
2015-08-18 13:15 - 2015-08-18 13:15 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Roaming\Atheros
2015-08-18 13:15 - 2015-08-18 13:15 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Local\BMExplorer
2015-08-18 13:14 - 2015-08-22 08:00 - 00002290 _____ C:\Users\Admin 18 Aug 2015\Desktop\Google Chrome.lnk
2015-08-18 13:14 - 2015-08-21 12:53 - 00000000 ____D C:\Users\Admin 18 Aug 2015
2015-08-18 13:14 - 2015-08-18 13:16 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Local\Packages
2015-08-18 13:14 - 2015-08-18 13:14 - 00001457 _____ C:\Users\Admin 18 Aug 2015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-18 13:14 - 2015-08-18 13:14 - 00000020 ___SH C:\Users\Admin 18 Aug 2015\ntuser.ini
2015-08-18 13:14 - 2015-08-18 13:14 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Roaming\Adobe
2015-08-18 13:14 - 2015-08-18 13:14 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Local\VirtualStore
2015-08-18 13:14 - 2015-08-18 13:14 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Local\Google
2015-08-18 13:14 - 2015-08-14 13:35 - 00000000 ___RD C:\Users\Admin 18 Aug 2015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-18 13:14 - 2015-08-14 11:30 - 00000000 ___RD C:\Users\Admin 18 Aug 2015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 13:14 - 2015-06-01 13:35 - 00000000 ___RD C:\Users\Admin 18 Aug 2015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-18 13:14 - 2014-03-18 04:55 - 00000369 _____ C:\Users\Admin 18 Aug 2015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-18 13:14 - 2014-03-18 04:55 - 00000369 _____ C:\Users\Admin 18 Aug 2015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-18 13:14 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Admin 18 Aug 2015\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-18 12:04 - 2015-08-18 12:04 - 01190120 _____ (Adobe Systems Incorporated) C:\Users\CPUOA User\Downloads\readerdc_en_ha_install.exe
2015-08-18 11:49 - 2015-08-20 23:17 - 00000000 ____D C:\Users\CPUOA User\Documents\Vipre Security
2015-08-15 09:36 - 2015-08-22 10:24 - 01756874 _____ C:\windows\WindowsUpdate.log
2015-08-14 15:07 - 2015-08-14 15:07 - 00030510 _____ C:\Users\CPUOA User\Documents\cc_20150814_150655.reg
2015-08-14 11:57 - 2015-08-14 11:57 - 00000000 ____D C:\Users\CPUOA User\Desktop\Lenovo prep
2015-08-14 11:35 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 11:35 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 10:42 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-14 10:42 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-14 10:42 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-13 17:29 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-13 17:29 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-13 17:29 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-13 17:29 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-13 17:29 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-13 17:29 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-13 17:29 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-13 17:29 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-13 17:29 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-13 17:29 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-13 17:29 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-13 17:29 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-13 17:29 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-13 17:29 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-13 17:29 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-13 17:29 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-13 17:29 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-13 17:29 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-13 17:29 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-13 17:29 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-13 17:29 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-13 17:29 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-13 17:29 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-13 17:29 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-13 17:29 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-13 17:29 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-13 17:29 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-13 17:29 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-13 17:29 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-13 17:28 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-13 17:28 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-13 17:28 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-13 17:28 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-13 17:28 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-13 17:27 - 2015-08-13 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-13 17:27 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-13 17:27 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-13 17:27 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-13 17:27 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-13 17:26 - 2015-08-22 10:31 - 00000930 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-13 17:26 - 2015-08-22 07:57 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-13 17:26 - 2015-08-13 17:27 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-13 17:26 - 2015-08-13 17:26 - 00003902 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-13 17:26 - 2015-08-13 17:26 - 00003666 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-13 17:25 - 2015-08-13 17:27 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\Google
2015-08-13 17:23 - 2015-08-13 17:25 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\Deployment
2015-08-13 17:23 - 2015-08-13 17:23 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\Apps\2.0
2015-08-13 17:22 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-13 17:22 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-13 17:22 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-13 17:22 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-13 17:22 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-13 17:22 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-13 17:22 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-13 17:22 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-13 17:22 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-13 17:22 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-13 17:22 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-13 17:22 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-13 17:22 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-13 17:22 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-13 17:22 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-13 17:22 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-13 17:22 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-13 17:22 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-13 17:22 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-13 17:22 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-13 17:22 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-13 17:16 - 2015-08-13 17:16 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\GWX
2015-08-13 17:08 - 2015-08-13 17:08 - 00000068 _____ C:\Users\CPUOA User\Documents\download chrome.txt
2015-08-13 16:56 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-13 16:56 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-13 16:56 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-13 16:56 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-13 16:56 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-13 16:56 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-13 16:56 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-13 16:56 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-08-13 16:56 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2015-08-13 16:56 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2015-08-13 16:56 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-08-13 16:56 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 16:56 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-08-13 16:56 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-08-13 16:56 - 2015-06-09 13:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-13 16:54 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-13 16:54 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-13 16:54 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-13 16:54 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-13 16:54 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-13 16:54 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-13 16:54 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-13 16:54 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-13 16:54 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-13 16:54 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-13 16:54 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-13 16:54 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-13 16:54 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-10 03:02 - 2015-08-10 03:11 - 00000000 ____D C:\Users\CPUOA User\Documents\MBAM scan daily results
2015-08-10 02:55 - 2015-08-10 03:24 - 00000000 ____D C:\Users\CPUOA User\Desktop\MBAM scans print screen
2015-08-09 22:03 - 2015-08-09 22:03 - 00003590 _____ C:\windows\System32\Tasks\ShouldIRemoveIt_Notifications
2015-08-09 21:41 - 2015-08-09 21:41 - 00000000 ____D C:\Users\CPUOA User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2015-08-09 21:41 - 2015-08-09 21:41 - 00000000 ____D C:\Program Files (x86)\Reason
2015-08-09 17:47 - 2015-08-09 17:47 - 02178872 _____ (Reason Software Company Inc.) C:\Users\CPUOA User\Downloads\ShouldIRemoveIt_Setup.exe
2015-08-09 16:33 - 2015-08-09 16:33 - 00000000 ____D C:\Users\CPUOA User\AppData\Roaming\Lenovo
2015-08-09 13:54 - 2015-08-09 13:54 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\CPUOA User\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-09 13:50 - 2015-08-21 23:01 - 00000000 ____D C:\Users\CPUOA User\AppData\Roaming\Nitro PDF
2015-08-09 01:45 - 2015-07-05 05:08 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-08-09 00:51 - 2015-08-09 00:51 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\VS Revo Group
2015-08-09 00:51 - 2015-08-09 00:51 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-08-09 00:51 - 2015-08-09 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-08-09 00:51 - 2015-08-09 00:51 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-09 00:51 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2015-08-09 00:48 - 2015-08-09 00:48 - 11069616 _____ (VS Revo Group ) C:\Users\CPUOA User\Downloads\RevoUninProSetup.exe
2015-08-09 00:40 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-09 00:40 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-08-09 00:40 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-08-09 00:40 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-08-09 00:40 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2015-08-09 00:40 - 2015-05-11 13:17 - 01201664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-08-09 00:40 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\fhcpl.dll
2015-08-09 00:40 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-09 00:40 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-08-09 00:40 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-09 00:40 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-08-09 00:40 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\GeofenceMonitorService.dll
2015-08-09 00:40 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\GeofenceMonitorService.dll
2015-08-09 00:40 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2015-08-09 00:40 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2015-08-09 00:40 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-08-09 00:40 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2015-08-09 00:40 - 2015-04-28 08:13 - 00513480 _____ C:\windows\SysWOW64\locale.nls
2015-08-09 00:40 - 2015-04-28 08:13 - 00513480 _____ C:\windows\system32\locale.nls
2015-08-09 00:40 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-08-09 00:40 - 2015-04-16 01:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-08-09 00:40 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-08-09 00:40 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-08-09 00:40 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-08-09 00:40 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-08-09 00:40 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-08-09 00:40 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-08-09 00:40 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-08-09 00:40 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-08-09 00:40 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-08-09 00:40 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-08-09 00:40 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-08-09 00:40 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-08-09 00:40 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-08-09 00:40 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-08-09 00:40 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-08-09 00:40 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-08-09 00:40 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-08-09 00:40 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-08-09 00:40 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-08-09 00:40 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-08-09 00:40 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-08-09 00:40 - 2014-11-04 14:25 - 00059712 ____C (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys
2015-08-09 00:40 - 2014-11-04 14:25 - 00051008 ____C (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys
2015-08-09 00:40 - 2014-11-04 01:55 - 00026112 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys
2015-08-09 00:40 - 2014-11-04 01:54 - 00108544 ____C (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys
2015-08-09 00:40 - 2014-11-04 01:54 - 00032256 ____C (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys
2015-08-09 00:40 - 2014-11-04 01:54 - 00030208 ____C (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2015-08-09 00:39 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-09 00:39 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-09 00:39 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-08-09 00:39 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-08-09 00:39 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-08-09 00:39 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-08-09 00:39 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-08-09 00:39 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-08-09 00:39 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-08-08 23:22 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-08 23:22 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-08 23:22 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-08 23:22 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-08 23:21 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-08 23:21 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-08 23:21 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-08 23:21 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-08 23:21 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-08 23:21 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-08 23:21 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-08 23:21 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-08 23:21 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-08-08 23:21 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-08 23:21 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-08 23:21 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-08-08 23:21 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-08 23:21 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-08-08 23:21 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-08-08 23:21 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-08-08 23:21 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-08-08 23:21 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-08-08 23:21 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-08-08 23:21 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-08-08 23:21 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-08-08 23:21 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-08-08 23:20 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-08 23:20 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-08-08 23:20 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-08 23:20 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-08 23:20 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-08 23:20 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-08 23:20 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-08-08 23:20 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-08 23:20 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-08 23:20 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-08-08 23:20 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-08 23:20 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-08-08 23:20 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-08 23:20 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-08 23:20 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-08 23:20 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-08 23:20 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-08 23:19 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-08-08 23:19 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-08-08 23:19 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-08-08 23:19 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-08-08 23:19 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-08-08 23:19 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-08-08 23:19 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-08-08 23:14 - 2015-08-18 18:26 - 00001283 _____ C:\Users\CPUOA User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2015-07-27 01:53 - 2015-08-14 15:05 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\CrashDumps
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-22 11:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-08-22 08:12 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-22 08:08 - 2015-06-01 11:37 - 00000000 ____D C:\Users\CPUOA User\Documents\Bluetooth Folder
2015-08-22 08:05 - 2015-02-23 13:51 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-08-22 07:57 - 2015-06-01 11:41 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3330058123-2019430083-2832955609-1001
2015-08-22 07:27 - 2015-07-10 17:27 - 00003958 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E54C9DA1-E8F3-498B-B82B-D0DB8C4F39E1}
2015-08-21 15:18 - 2015-02-23 13:58 - 00002560 _____ C:\windows\system32\VfService.trf
2015-08-21 14:52 - 2014-03-18 04:53 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-21 14:45 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-21 14:45 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-08-21 13:01 - 2015-06-01 11:36 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\Packages
2015-08-21 12:54 - 2015-02-23 13:58 - 00000000 ____D C:\ProgramData\Downloaded Installations
2015-08-21 12:49 - 2013-08-22 09:44 - 00346744 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-20 08:46 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-18 22:07 - 2015-02-23 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-18 22:07 - 2015-02-23 13:51 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-18 20:40 - 2015-02-23 13:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-18 20:39 - 2015-02-23 14:00 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-18 13:15 - 2015-06-01 11:37 - 00000000 ____D C:\ProgramData\Atheros
2015-08-18 13:15 - 2015-06-01 11:36 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-08-15 12:42 - 2014-04-03 14:15 - 00000000 ____D C:\windows\Panther
2015-08-15 12:37 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-14 14:19 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-08-14 13:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 13:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 13:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-14 13:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-14 11:35 - 2015-06-01 12:37 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 11:32 - 2015-06-01 12:37 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 11:30 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 11:30 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 17:13 - 2015-06-01 13:36 - 00000000 ____D C:\windows\system32\appraiser
2015-08-13 17:13 - 2015-06-01 13:34 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-10 03:27 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-08-10 03:27 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore
2015-08-10 02:48 - 2015-02-23 14:02 - 00000000 ____D C:\ProgramData\Office2013
2015-08-10 02:31 - 2015-06-01 13:34 - 00000000 ___SD C:\windows\system32\GWX
2015-08-10 02:30 - 2015-06-01 13:34 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-08-10 00:04 - 2015-02-23 13:52 - 00000000 ____D C:\Program Files\Lenovo
2015-08-09 16:33 - 2015-02-23 13:53 - 00000000 ____D C:\ProgramData\Lenovo
2015-08-09 01:39 - 2015-02-23 13:54 - 00000000 ____D C:\ProgramData\McAfee
2015-08-09 01:35 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-08-09 00:37 - 2015-07-10 17:28 - 00000000 __SHD C:\Users\CPUOA User\AppData\Local\EmieUserList
2015-08-09 00:37 - 2015-07-10 17:28 - 00000000 __SHD C:\Users\CPUOA User\AppData\Local\EmieSiteList
2015-08-09 00:37 - 2015-07-10 17:28 - 00000000 __SHD C:\Users\CPUOA User\AppData\Local\EmieBrowserModeList
2015-08-09 00:26 - 2013-08-22 10:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-08-08 17:27 - 2015-06-01 11:39 - 00000000 ____D C:\Users\CPUOA User\AppData\Local\Lenovo
2015-08-08 16:18 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-08-08 15:28 - 2015-02-23 14:03 - 00000000 ____D C:\ProgramData\Energy Manager
2015-08-08 08:55 - 2015-06-01 13:42 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 08:55 - 2015-06-01 13:42 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-02-23 13:23 - 2015-02-23 13:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Admin 18 Aug 2015\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 08:18
 
==================== End of log ============================

Attached File  Addition.txt   34.07KB   3 downloads

Edited by Orange Blossom, 23 August 2015 - 05:09 PM.



 


#2 nasdaq


  • Malware Response Team

Posted 24 August 2015 - 08:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your FRST logs.


Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome

Also, please provide an update on how the computer is behaving after running the above script.

===

#3 auklet

  • Topic Starter

  • Members

Posted 27 August 2015 - 10:58 PM

Nasdaq... I will not be able to continue. You can close this out.

 

Btw... I have been impressed by this one and the Am I Infected tech advisors.

 

I hope (wish) to be back!



#4 nasdaq


  • Malware Response Team

Posted 28 August 2015 - 06:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



