Infected with See Results Hub


  • This topic is locked
27 replies to this topic

#1 nexus_99

Posted 09 February 2016 - 10:03 PM

Hi There,

I downloaded Magical Jelly Bean to try to find the product keys of my Microsoft Office products, and I got this nasty little bugger with it. I have tried to follow the self-removal steps, but nothing seems to be able to locate that there is something wrong.

Every time I open Chrome, it has me direct to searchinterneat-a.akamaihd.net first.

The best part is I have put it on 2 computers, yay me! So if it's okay, we'll do them one at a time - I will not cross post computer logs as to not confuse anyone.

Thanks in advance!

********************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Craig (administrator) on CRAIGSLENOVO (09-02-2016 21:54:37)
Running from C:\Users\Craig\Downloads
Loaded Profiles: Craig (Available Profiles: Craig)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OnekeyOptimizerUpdata.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [S6000Mnt] => C:\WINDOWS\WebCam\S6000\S6000Mnt.exe [516608 2015-10-06] (Alcor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-09-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-08] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2015-04-29] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2015-04-29] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [10828056 2015-08-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-08-15] (Lenovo)
HKLM\...\Run: [OneKeyOptimizer] => C:\Program Files\Lenovo\OneKey Optimizer\bin\OneKeyOptimizerTray.exe [559896 2014-11-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [30152 2015-03-23] (Lenovo Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12725488 2016-01-25] (Zemana Ltd.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKU\S-1-5-21-1210365714-855035236-3830370968-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1210365714-855035236-3830370968-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1210365714-855035236-3830370968-1001\...\RunOnce: [Uninstall C:\Users\Craig\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Craig\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-08-29]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada)
Startup: C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk [2016-02-09]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{2873f02b-8ac5-4aeb-b0e6-72c4400ebc38}: [DhcpNameServer] 8.8.8.8 192.168.1.1
Tcpip\..\Interfaces\{2fa3f3ff-b098-4041-b08c-0602b1c1b5f2}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{659aef2f-08c1-40d3-b764-19b88d4379e7}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1210365714-855035236-3830370968-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1210365714-855035236-3830370968-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1210365714-855035236-3830370968-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {E642DF7C-C614-414D-8EB9-92A7D6D60370} URL = 
SearchScopes: HKU\S-1-5-21-1210365714-855035236-3830370968-1001 -> DefaultScope {E642DF7C-C614-414D-8EB9-92A7D6D60370} URL = 
SearchScopes: HKU\S-1-5-21-1210365714-855035236-3830370968-1001 -> OldSearch URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-25]
CHR Extension: (Google Docs) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-25]
CHR Extension: (Google Drive) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Adblock for Youtube™) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-10-15]
CHR Extension: (Google Search) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-25]
CHR Extension: (Gmail) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-11-01] (Qualcomm Atheros) [File not signed]
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-03-23] (Lenovo Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-09-08] (ELAN Microelectronics Corp.)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [191512 2014-11-20] (Lenovo) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-29] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2544408 2014-11-18] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016040 2015-04-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [625608 2015-03-23] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-08-15] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-19] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-25] (Lenovo(beijing) Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-08] (NVIDIA Corporation)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [113944 2014-11-17] (Lenovo(beijing) Limited)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-08-15] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-08-15] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12725488 2016-01-25] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70168 2014-11-20] (Windows ® Win 7 DDK provider) [File not signed]
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2327040 2015-10-30] (Qualcomm Atheros, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [899712 2015-10-06] (Bison)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202144 2016-02-09] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202144 2016-02-09] (Zemana Ltd.)
U3 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 21:54 - 2016-02-09 21:55 - 00022438 _____ C:\Users\Craig\Downloads\FRST.txt
2016-02-09 21:54 - 2016-02-09 21:54 - 00000000 ____D C:\FRST
2016-02-09 21:51 - 2016-02-09 21:51 - 00000000 ___HD C:\OneDriveTemp
2016-02-09 21:47 - 2016-02-09 21:53 - 02370560 _____ (Farbar) C:\Users\Craig\Downloads\FRST64.exe
2016-02-09 21:30 - 2016-02-09 21:31 - 00002932 _____ C:\Users\Craig\Desktop\Rkill.txt
2016-02-09 21:30 - 2016-02-09 21:30 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Craig\Downloads\rkill.exe
2016-02-09 21:20 - 2016-02-09 21:54 - 00000839 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-02-09 21:20 - 2016-02-09 21:49 - 00000620 _____ C:\WINDOWS\ZAM.krnl.trace
2016-02-09 21:20 - 2016-02-09 21:20 - 00202144 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-02-09 21:20 - 2016-02-09 21:20 - 00202144 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-02-09 21:20 - 2016-02-09 21:20 - 00001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-02-09 21:20 - 2016-02-09 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-02-09 21:20 - 2016-02-09 21:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-02-09 21:19 - 2016-02-09 21:19 - 05225112 _____ ( ) C:\Users\Craig\Downloads\Zemana.AntiMalware.Setup.exe
2016-02-09 21:19 - 2016-02-09 21:19 - 00000000 ____D C:\Users\Craig\AppData\Local\Zemana
2016-02-09 21:11 - 2016-02-09 21:11 - 00000547 _____ C:\Users\Craig\Desktop\JRT.txt
2016-02-09 21:09 - 2016-02-09 21:09 - 01609032 _____ (Malwarebytes) C:\Users\Craig\Downloads\JRT.exe
2016-02-09 21:07 - 2016-02-09 21:07 - 01508352 _____ C:\Users\Craig\Downloads\adwcleaner_5.033.exe
2016-02-09 21:07 - 2016-02-09 21:07 - 00000000 ____D C:\AdwCleaner
2016-02-09 20:37 - 2016-02-09 21:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-09 20:37 - 2016-02-09 20:37 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-09 20:37 - 2016-02-09 20:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-09 20:37 - 2016-02-09 20:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-09 20:37 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-09 20:37 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-09 20:37 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-09 20:35 - 2016-02-09 20:36 - 22908888 _____ (Malwarebytes ) C:\Users\Craig\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-09 11:44 - 2016-02-09 11:44 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Craig\Downloads\KeyFinderInstaller.exe
2016-02-03 14:11 - 2016-02-03 14:11 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-02-03 14:11 - 2013-04-04 05:00 - 00391168 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBV.DLL
2016-02-03 10:57 - 2016-02-03 10:57 - 01524029 _____ C:\Users\Craig\Desktop\Lot 37.pdf
2016-02-02 06:34 - 2016-02-02 08:31 - 00018378 _____ C:\Users\Craig\Desktop\Aug 14 payroll.xlsx
2016-02-01 16:56 - 2016-02-01 16:56 - 00032997 _____ C:\Users\Craig\Desktop\Feb 2016 EFT.pdf
2016-01-28 12:01 - 2016-01-28 12:01 - 00017185 _____ C:\Users\Craig\Downloads\Rebecca Ahee-(EE & ER)-PDOC-Date paid-2016-01-31.pdf
2016-01-28 12:01 - 2016-01-28 12:01 - 00013417 _____ C:\Users\Craig\Downloads\Rebecca Ahee-(EE)-PDOC-Date paid-2016-01-31.pdf
2016-01-28 12:00 - 2016-01-28 12:00 - 00017201 _____ C:\Users\Craig\Downloads\Kim Thompson-(EE & ER)-PDOC-Date paid-2016-01-31.pdf
2016-01-28 12:00 - 2016-01-28 12:00 - 00013431 _____ C:\Users\Craig\Downloads\Kim Thompson-(EE)-PDOC-Date paid-2016-01-31.pdf
2016-01-27 19:51 - 2016-01-27 19:51 - 00017677 _____ C:\Users\Craig\Desktop\Jul 31 Payroll.xlsx
2016-01-27 16:48 - 2016-01-27 19:34 - 00029133 _____ C:\Users\Craig\Desktop\118 Perry.xlsx
2016-01-27 16:27 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-27 16:27 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-27 16:27 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-27 16:27 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-27 16:27 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-27 16:27 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-27 16:27 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-27 16:27 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-27 16:27 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-27 16:27 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-27 16:27 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-27 16:27 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-27 16:27 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-27 16:27 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-27 16:27 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-27 16:27 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-27 16:27 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-27 16:27 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-27 16:27 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-27 16:27 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-27 16:27 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2015-08-29 19:03 - 2015-08-29 19:03 - 0000093 _____ () C:\Users\Craig\AppData\Local\fusioncache.dat
2015-08-31 08:21 - 2015-08-31 08:21 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-29 18:20 - 2015-12-29 18:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-02 05:18
 
==================== End of FRST.txt ============================



 


#2 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 10 February 2016 - 12:53 AM

Hello nexus_99,
 

I'm Stan and I will be helping you with this problem.

 

First of all, I want to clear up some things about the malware removal process:

  • Do not run/install any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
  • Carefully read the steps that I suggest you do. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same with the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps in offline environment. They may be easier to read and follow in this way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please, do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

 

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

 

*********************

 

Thank you for the provided logs. I will look through them and, when ready, return with further instructions. Meanwhile, on first run, FRST will automatically create another log called Addition.txt in the same directory where FRST was run from and where the FRST.txt log file is located. Is it present on your system? If so, please attach it in your next post. You said that you are redirected when accessing websites via Google Chrome. Does the problem appear in other browsers too (Internet Explorer or Microsoft Edge, for example)?


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#3 nexus_99

Posted 10 February 2016 - 09:17 AM

Attached File: Addition.txt (41.37KB)

Hi Stan,

 

Thank you so much for the speedy reply.  You're right, it is only on Chrome (I'm on Edge right now and have no bad results).

 

Log is attached.

 

Craig



#4 StanFF

Posted 10 February 2016 - 03:53 PM

Hello nexus_99,
 
Thank you for the provided logs. Your system looks good and there are no signs of active infection on the system. Since you are still experiencing redirection issues, I want to check a couple more things. You mentioned that you have run some tools before posting here. Can you provide me the logs generated from them? The logs are located as follows:

  • The log from AdwCleaner can be found in C:\AdwCleaner folder. The scan logs are listed as AdwCleaner[S#].txt and logs, generated after cleanup process - AdwCleaner[C#].txt, where highest # indicates the most recent log.
  • The log from Junkware Removal Tool can be found in the same directory where it was run from.
  • To retrieve the log from MBAM:
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Export and save the log as a .txt file on your Desktop or another location

**************************
 
Also, please note:
 
Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove that program, please, use the Programs and Features section in Control Panel.
 
**************************
 
Please go to the following directory and launch Google Chrome by double-clicking chrome.exe. See if the redirection problem is still present.

C:\Program Files (x86)\Google\Chrome\Application\

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford


#5 nexus_99

nexus_99
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 10 February 2016 - 04:01 PM

Hi Stan,

 

Logs attached.

 

Interesting...your test worked fine.  Following the path seems to have worked just fine.

 




#6 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 11 February 2016 - 01:05 PM

Hello nexus_99,
 

"Interesting...your test worked fine.  Following the path seems to have worked just fine."

This confirms what I was suspecting. Please, start Farbar Recovery Scan Tool again.
 
In the main window of the program, please, put a checkmark in front of the Shortcut.txt option in the Optional Scan section. When ready, please, push the Scan button and wait for the tool to finish its job. When done, two log files - FRST.txt and Shortcut.txt - will be generated in the same directory where FRST was run from - in your case this should be the Downloads folder. Please, paste their content in your next reply.
 
********************
 
Open again Farbar Recovery Scan Tool.

  • In the main Search box, please, type or paste the following line:
*akamaihd*
  • Push the Search Files button. When ready, a log file called Search.txt should be generated at the same location where FRST was run from. Please, paste its content in your next reply.

In your next answer, I will be waiting for the following logs - FRST.txt, Shortcut.txt and Search.txt.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford


#7 nexus_99

nexus_99
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 11 February 2016 - 01:45 PM

Hi Stan,

 

All is attached.  Thanks again, Craig

 

PS - I will be away from now until Monday night, so I apologize if my replies are slow.  Should I happen to have wifi, I will respond as soon as I am able.




#8 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 13 February 2016 - 05:47 AM

Hello nexus_99,
 
Thank you for the provided logs. It looks like not everything is quite clear and there are things that need to be addressed too. First I want to ask you - when does the problem appear? When you start Google Chrome from Quick Launch, or from a desktop icon? Is the problem present when you launch the browser from its Start Menu entry?
 
********************
 
Note: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work. In your case, this should be the Downloads folder.

  • Run FRST.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

For now, don't use Google Chrome or, if needed, launch the application by accessing the executable in the Program Files directory mentioned earlier. After that, please, post the content of the log file in your next reply.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford


#9 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 17 February 2016 - 01:15 AM

Hello nexus_99,

 

Are you still with me? I see that you haven't been online since your last post here. Do you still need help? Please, note that after two more days of inactivity the topic will be closed.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford


#10 nexus_99

nexus_99
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 17 February 2016 - 02:16 PM

Hi Stan,

My apologies for the delay.

 

The problem occurs when I launch Chrome from a quicklaunch icon, not when I follow the path you set out.

 

Log attached, thanks again!

Craig

 

 




#11 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 18 February 2016 - 12:38 AM

Hello nexus_99,

"My apologies for the delay."

Not a problem at all. I wanted to make sure that everything is all right.
 
It looks like the shortcut pinned on your taskbar has been modified to launch Chrome to the mentioned address. Because of that, we need to recreate it. For that, please:

  • Right-click over Google Chrome icon placed on the taskbar -> Choose Unpin this program from taskbar
  • Go to the following directory:
C:\Program Files (x86)\Google\Chrome\Application\
  • Right-click over chrome.exe -> Choose Pin to taskbar

A new shortcut should be created on your taskbar. Please, launch Google Chrome using it and check if the redirection problem is still present.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford
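
The check behind the diagnosis in post #11, as an added example that is not part of the original thread: a read-only PowerShell audit that lists shortcuts pointing at a browser whose Arguments field carries a URL-like string. The folder list, the browser list and the URL pattern are assumptions to adjust for the machine being examined.

```powershell
# Added example: read-only audit of browser shortcuts for appended URLs.
# Nothing is modified; the script only reports what it finds.

# Assumed locations where hijacked shortcuts typically live.
$folders = @(
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",   # includes User Pinned\TaskBar
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    [Environment]::GetFolderPath('Desktop'),
    "$env:PUBLIC\Desktop"
)

# Assumed browser executables and a simple URL-like pattern.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe'
$urlLike  = '(?i)https?://|www\.|\.(com|net|org|info)\b'

# WScript.Shell exposes TargetPath and Arguments of an existing .lnk file.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            $exe = [System.IO.Path]::GetFileName($lnk.TargetPath)
            # A clean browser shortcut has no URL in its arguments.
            if ($browsers -contains $exe -and $lnk.Arguments -match $urlLike) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

if ($findings) {
    $findings | Format-List
} else {
    'No browser shortcut with a URL-like argument found.'
}
```

Any shortcut it reports can then be unpinned or deleted and recreated from the browser executable, as described in post #11.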

 

 

 

 

 


#12 nexus_99

nexus_99
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 18 February 2016 - 09:46 AM

I have followed your instructions and the new shortcut doesn't appear to be redirecting, thank you.



#13 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 18 February 2016 - 03:23 PM

Hello nexus_99,
 
I'm glad to hear that the problem is gone. Please, launch FRST again. In the main window of the program, please, put a checkmark in the checkbox in front of Addition.txt in the Optional Scan section and push the Scan button. When ready, two log files named FRST.txt and Addition.txt will be generated in the same directory where the tool was run from. Please, paste the content of both files in your next reply.
 
********************

Note: The instructions below can be used for any browser except Internet Explorer.

  • Please go here, download the ESET Smart Installer, and save it to your Desktop.
  • Double-click on the file you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click Yes to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on the Start button.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may appear to be finished sometimes but if there is a progress bar visible, it is still scanning.
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford


#14 nexus_99

nexus_99
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:06:01 PM

Posted 18 February 2016 - 06:48 PM

Scans attached.  Thank you again.




#15 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:01 AM

Posted 19 February 2016 - 12:19 PM

Hello nexus_99,
 
The provided logs show no signs of infection on the system. ESET Online Scanner detected only the executable, which, as you said, led to the problems. Please, go to the following directory and manually delete the KeyFinderInstaller.exe.

C:\Users\Craig\Downloads\

********************
 
Let's now remove the tools that we have been using during our work here:
 
Please, download Delfix and save it to your Desktop.

  • Double-click to start the tool.
  • Please, ensure that the following options are checked.
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Push Run and wait until the tool finishes its job.

When ready, a logfile will automatically open. The tools that have been removed will be listed in it. It is not necessary to paste its content in the next post. You can manually remove any tools left from previously done scans.
 
*********************
 
I will give you some topics that I advise you to read. They will help you learn how to practice safe computing and you can only benefit from them. Please, take a seat, grab a cup of coffee, tea, juice, maybe some food and spend some minutes reading those materials.

Another topic that will come in use for you is related to the user experience while surfing or working with the system. We spend a lot of time in front of our computers, so performance is a thing that must be borne in mind.

Remember - the level of security will always depend on user's decisions and user's activities. If you have any concerns or questions, feel absolutely free to ask us. Stay safe!


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford