Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Homepage Hijack


  • This topic is locked This topic is locked
10 replies to this topic

#1 NightTrain87

NightTrain87

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 15 February 2016 - 12:55 AM

Hey BC my dad is having issues with his homepage being redirected to https://startpage-home.com/?s=hp&m=start. Searches are not working properly.  Here are the logs, thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Jim (administrator) on MYCOMPUTER (14-02-2016 23:40:44)
Running from C:\Users\Jim\Downloads
Loaded Profiles: Jim (Available Profiles: Jim)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13895912 2015-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2378488700-1762840117-2005590291-1001\...\Run: [Innova OBD PC-Link] => C:\Program Files (x86)\Innova OBD PC-Link\Innova.exe [76800 2015-03-31] (Innova Electronics Corp.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2015-12-29] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2015-12-29] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2015-12-29] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2015-12-29] (Webroot)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-09-07]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-09-07]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{3e38309b-637b-475e-ae9c-9ea097d41353}: [DhcpNameServer] 192.168.100.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKU\S-1-5-21-2378488700-1762840117-2005590291-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKU\S-1-5-21-2378488700-1762840117-2005590291-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPCON14/19
SearchScopes: HKLM -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2378488700-1762840117-2005590291-1001 -> DefaultScope {29608219-D8AE-11E4-8279-40A8F04A38ED} URL =
SearchScopes: HKU\S-1-5-21-2378488700-1762840117-2005590291-1001 -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-12-18] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-12-18] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\1i8n3k6a.default
FF NewTab: www.google.ca
FF Homepage: hxxps://startpage-home.com/?s=hp&m=start
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-12-18]
FF Extension: Webroot Password Manager - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\1i8n3k6a.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-12-18]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-09-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [313584 2015-08-07] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-24] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [45104 2015-12-18] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 23:40 - 2016-02-14 23:42 - 00014663 _____ C:\Users\Jim\Downloads\FRST.txt
2016-02-14 23:40 - 2016-02-14 23:40 - 02370560 _____ (Farbar) C:\Users\Jim\Downloads\FRST64.exe
2016-02-14 23:40 - 2016-02-14 23:40 - 00000000 ____D C:\FRST
2016-02-14 23:39 - 2016-02-14 23:39 - 01721344 _____ (Farbar) C:\Users\Jim\Downloads\FRST.exe
2016-02-14 23:35 - 2016-02-14 23:35 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jim\Downloads\revosetup.exe
2016-02-14 23:35 - 2016-02-14 23:35 - 00001348 _____ C:\Users\Jim\Desktop\Revo Uninstaller.lnk
2016-02-14 23:35 - 2016-02-14 23:35 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-14 23:35 - 2016-02-14 23:35 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-02-14 23:12 - 2016-02-14 23:25 - 00000000 ____D C:\AdwCleaner
2016-02-14 23:12 - 2016-02-14 23:12 - 01508352 _____ C:\Users\Jim\Downloads\adwcleaner_5.033.exe
2016-02-14 23:05 - 2016-02-14 23:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-14 23:04 - 2016-02-14 23:04 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-14 23:04 - 2016-02-14 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-14 23:04 - 2016-02-14 23:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-14 23:04 - 2016-02-14 23:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-14 23:04 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-14 23:04 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-14 23:04 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-14 23:03 - 2016-02-14 23:04 - 22908888 _____ (Malwarebytes ) C:\Users\Jim\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-02-14 23:02 - 2016-02-14 23:04 - 22908888 _____ (Malwarebytes ) C:\Users\Jim\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-14 11:38 - 2016-02-14 11:38 - 00370159 _____ C:\Users\Jim\Downloads\Reply to your
2016-02-14 11:38 - 2016-02-14 11:38 - 00370159 _____ C:\Users\Jim\Downloads\Reply to your
2016-02-11 23:04 - 2016-02-14 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-10 17:15 - 2016-02-10 17:15 - 01254071 _____ C:\Users\Jim\Downloads\Arbitration ruling re shift levelling.pdf
2016-02-10 07:03 - 2016-01-26 23:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 07:03 - 2016-01-26 23:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 07:03 - 2016-01-26 23:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 07:03 - 2016-01-26 23:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 07:03 - 2016-01-26 22:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 07:03 - 2016-01-26 22:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 07:03 - 2016-01-26 22:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 07:03 - 2016-01-26 22:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 07:02 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 07:02 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 07:02 - 2016-01-27 00:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 07:02 - 2016-01-27 00:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 07:02 - 2016-01-27 00:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 07:02 - 2016-01-27 00:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 07:02 - 2016-01-27 00:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 07:02 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 07:02 - 2016-01-26 23:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 07:02 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 07:02 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 07:02 - 2016-01-26 23:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 07:02 - 2016-01-26 23:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 07:02 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 07:02 - 2016-01-26 23:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 07:02 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 07:02 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 07:02 - 2016-01-26 23:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 07:02 - 2016-01-26 23:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 07:02 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 07:02 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 07:02 - 2016-01-26 23:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 07:02 - 2016-01-26 23:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 07:02 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 07:02 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 07:02 - 2016-01-26 23:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 07:02 - 2016-01-26 23:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 07:02 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 07:02 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 07:02 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 07:02 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 07:02 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 07:02 - 2016-01-26 23:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 07:02 - 2016-01-26 23:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 07:02 - 2016-01-26 23:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 07:02 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 07:02 - 2016-01-26 23:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 07:02 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 07:02 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 07:02 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 07:02 - 2016-01-26 22:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 07:02 - 2016-01-26 22:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 07:02 - 2016-01-26 22:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 07:02 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 07:02 - 2016-01-26 22:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 07:02 - 2016-01-26 22:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 07:02 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 07:02 - 2016-01-26 22:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 07:02 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 07:02 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 07:02 - 2016-01-26 22:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 07:02 - 2016-01-26 22:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 07:02 - 2016-01-26 22:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 07:02 - 2016-01-26 22:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 07:02 - 2016-01-26 22:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 07:02 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 07:02 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-02 12:26 - 2016-02-02 12:26 - 02089400 _____ C:\Users\Jim\Downloads\Bargaining for Beginners.pdf
2016-02-02 12:26 - 2016-02-02 12:26 - 00020206 _____ C:\Users\Jim\Downloads\bargaining_proposal.pdf
2016-02-02 12:25 - 2016-02-02 12:25 - 00030707 _____ C:\Users\Jim\Downloads\Victoria Hospital Trades Meeting Notice - 2016-2-11.pdf
2016-02-02 12:22 - 2016-02-02 12:23 - 00312852 _____ C:\Users\Jim\Downloads\Poster - 2016-2-11.pdf
2016-01-28 05:03 - 2016-01-16 00:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 05:03 - 2016-01-16 00:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 05:03 - 2016-01-15 23:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 05:03 - 2016-01-15 23:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 05:02 - 2016-01-16 00:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 05:02 - 2016-01-16 00:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 05:02 - 2016-01-16 00:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 05:02 - 2016-01-16 00:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 05:02 - 2016-01-16 00:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 05:02 - 2016-01-16 00:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 05:02 - 2016-01-16 00:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 05:02 - 2016-01-16 00:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 05:02 - 2016-01-16 00:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 05:02 - 2016-01-16 00:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 05:02 - 2016-01-16 00:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 05:02 - 2016-01-16 00:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 05:02 - 2016-01-16 00:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 05:02 - 2016-01-16 00:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 05:02 - 2016-01-16 00:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 05:02 - 2016-01-15 23:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 05:02 - 2016-01-15 23:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 05:02 - 2016-01-15 23:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 05:02 - 2016-01-15 23:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 05:02 - 2016-01-15 23:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 05:02 - 2016-01-15 23:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 05:02 - 2016-01-15 23:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 05:02 - 2016-01-15 23:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 05:02 - 2016-01-15 23:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 05:02 - 2016-01-15 23:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 05:02 - 2016-01-15 23:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 05:02 - 2016-01-15 23:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 05:02 - 2016-01-15 23:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 05:02 - 2016-01-15 23:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 05:02 - 2016-01-15 23:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 05:02 - 2016-01-15 23:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 05:02 - 2016-01-15 23:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 05:02 - 2016-01-15 23:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 05:02 - 2016-01-15 23:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 05:02 - 2016-01-15 23:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 05:02 - 2016-01-15 23:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 05:02 - 2016-01-15 23:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 05:02 - 2016-01-15 23:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 05:02 - 2016-01-15 23:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 05:02 - 2016-01-15 23:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 05:02 - 2016-01-15 23:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 05:02 - 2016-01-15 23:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 05:02 - 2016-01-15 23:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 05:02 - 2016-01-15 23:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 05:02 - 2016-01-15 23:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 05:02 - 2016-01-15 23:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 05:02 - 2016-01-15 23:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 05:02 - 2016-01-15 23:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 05:02 - 2016-01-15 23:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 05:02 - 2016-01-15 23:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 05:02 - 2016-01-15 23:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 05:02 - 2016-01-15 23:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 05:02 - 2016-01-15 23:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 05:02 - 2016-01-15 23:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 05:02 - 2016-01-15 23:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 05:02 - 2016-01-15 23:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 05:02 - 2016-01-15 23:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 05:02 - 2016-01-15 23:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 05:02 - 2016-01-15 23:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 05:02 - 2016-01-15 23:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 05:02 - 2016-01-15 23:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 05:02 - 2016-01-15 23:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 05:02 - 2016-01-15 23:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 05:02 - 2016-01-15 23:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 05:02 - 2016-01-15 23:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 05:02 - 2016-01-15 23:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 05:02 - 2016-01-15 23:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 05:02 - 2016-01-15 23:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 05:02 - 2016-01-15 23:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 05:02 - 2016-01-15 23:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 05:02 - 2016-01-15 23:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 05:02 - 2016-01-15 23:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 05:02 - 2016-01-15 23:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 05:02 - 2016-01-15 23:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 05:02 - 2016-01-15 23:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 05:02 - 2016-01-15 23:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 05:02 - 2016-01-15 23:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 05:02 - 2016-01-15 23:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 05:02 - 2016-01-15 23:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 05:02 - 2016-01-15 23:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 05:02 - 2016-01-15 23:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 05:02 - 2016-01-15 23:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 05:02 - 2016-01-15 23:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 05:02 - 2016-01-15 23:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 05:02 - 2016-01-15 23:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 05:02 - 2016-01-15 23:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 05:02 - 2016-01-15 23:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 05:02 - 2016-01-15 23:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 05:02 - 2016-01-15 23:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 05:02 - 2016-01-15 23:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 05:02 - 2016-01-15 23:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 05:02 - 2016-01-15 23:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 05:02 - 2016-01-15 23:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 05:02 - 2016-01-15 23:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 23:37 - 2015-12-12 03:05 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-14 23:37 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-14 23:31 - 2015-10-17 10:33 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-14 23:30 - 2015-12-12 03:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-14 23:30 - 2015-12-12 03:01 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-02-14 23:30 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-14 23:27 - 2014-09-16 14:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-14 22:50 - 2015-10-17 10:33 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-14 21:17 - 2015-02-27 19:44 - 00000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJim.job
2016-02-14 21:16 - 2014-09-16 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-14 18:24 - 2015-10-14 18:10 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C4730139-27BF-4A18-A563-B893293124E1}
2016-02-14 12:26 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-13 19:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-12 08:25 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-11 11:47 - 2015-02-27 19:44 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJim
2016-02-11 10:06 - 2014-09-10 17:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-11 10:00 - 2014-09-10 17:07 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-11 03:34 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 03:31 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 15:19 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 00:06 - 2015-09-07 10:24 - 00000000 ____D C:\ProgramData\WRData
2016-02-03 13:01 - 2015-10-30 01:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 13:01 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 17:45 - 2015-10-17 10:33 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 17:45 - 2015-10-17 10:33 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-22 04:31 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 04:29 - 2015-01-26 14:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-15 14:29 - 2014-09-10 14:40 - 00000000 ____D C:\Users\Jim\AppData\Local\Packages

==================== Files in the root of some directories =======

2015-09-07 10:25 - 2015-12-18 10:28 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe

Some files in TEMP:
====================
C:\Users\Jim\AppData\Local\Temp\Extract.exe
C:\Users\Jim\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Jim\AppData\Local\Temp\oct26F9.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct2DA7.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct7749.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct805E.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct8FA9.tmp.exe
C:\Users\Jim\AppData\Local\Temp\octAFDF.tmp.exe
C:\Users\Jim\AppData\Local\Temp\octEC14.tmp.exe
C:\Users\Jim\AppData\Local\Temp\SP71715.exe
C:\Users\Jim\AppData\Local\Temp\sqlite3.dll
C:\Users\Jim\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-07 15:44

==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:07:39 AM

Posted 15 February 2016 - 04:06 AM

Hello NightTrain87 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs and will reply shortly.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:07:39 AM

Posted 15 February 2016 - 04:20 AM

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.


CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2378488700-1762840117-2005590291-1001 -> DefaultScope {29608219-D8AE-11E4-8279-40A8F04A38ED} URL =
SearchScopes: HKU\S-1-5-21-2378488700-1762840117-2005590291-1001 -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FF Homepage: hxxps://startpage-home.com/?s=hp&m=start
C:\Users\Jim\AppData\Local\Temp\Extract.exe
C:\Users\Jim\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Jim\AppData\Local\Temp\oct26F9.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct2DA7.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct7749.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct805E.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct8FA9.tmp.exe
C:\Users\Jim\AppData\Local\Temp\octAFDF.tmp.exe
C:\Users\Jim\AppData\Local\Temp\octEC14.tmp.exe
C:\Users\Jim\AppData\Local\Temp\SP71715.exe
C:\Users\Jim\AppData\Local\Temp\sqlite3.dll
C:\Users\Jim\AppData\Local\Temp\UninstallHPSA.exe
CMD: ipconfig /flushdns
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and post the new log.

Logs to include with next post:

Fixlog.txt
AdwCleaner log
JRT.txt
New Frst.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 NightTrain87

NightTrain87
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 15 February 2016 - 11:22 AM

Thanks Satch!

 

We seem to be rid of the homepage hijack!

 

Here are the logs, let me know if anything else needs fixing

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Jim (2016-02-15 09:42:13) Run:1
Running from C:\Users\Jim\Desktop
Loaded Profiles: Jim &  (Available Profiles: Jim)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2378488700-1762840117-2005590291-1001 -> DefaultScope {29608219-D8AE-11E4-8279-40A8F04A38ED} URL =
SearchScopes: HKU\S-1-5-21-2378488700-1762840117-2005590291-1001 -> {AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FF Homepage: hxxps://startpage-home.com/?s=hp&m=start
C:\Users\Jim\AppData\Local\Temp\Extract.exe
C:\Users\Jim\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Jim\AppData\Local\Temp\oct26F9.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct2DA7.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct7749.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct805E.tmp.exe
C:\Users\Jim\AppData\Local\Temp\oct8FA9.tmp.exe
C:\Users\Jim\AppData\Local\Temp\octAFDF.tmp.exe
C:\Users\Jim\AppData\Local\Temp\octEC14.tmp.exe
C:\Users\Jim\AppData\Local\Temp\SP71715.exe
C:\Users\Jim\AppData\Local\Temp\sqlite3.dll
C:\Users\Jim\AppData\Local\Temp\UninstallHPSA.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AEBB91CA-62F4-4799-A5CF-FD785C51CEE5}" => key removed successfully
HKCR\CLSID\{AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AEBB91CA-62F4-4799-A5CF-FD785C51CEE5}" => key removed successfully
HKCR\Wow6432Node\CLSID\{AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} => key not found.
HKU\S-1-5-21-2378488700-1762840117-2005590291-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2378488700-1762840117-2005590291-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AEBB91CA-62F4-4799-A5CF-FD785C51CEE5}" => key removed successfully
HKCR\CLSID\{AEBB91CA-62F4-4799-A5CF-FD785C51CEE5} => key not found.
Firefox "homepage" removed successfully
C:\Users\Jim\AppData\Local\Temp\Extract.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\HPSFUpdater.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\oct26F9.tmp.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\oct2DA7.tmp.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\oct7749.tmp.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\oct805E.tmp.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\oct8FA9.tmp.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\octAFDF.tmp.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\octEC14.tmp.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\SP71715.exe => moved successfully
C:\Users\Jim\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Jim\AppData\Local\Temp\UninstallHPSA.exe => moved successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 397.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:54:04 ====

 

 

 

 

# AdwCleaner v5.033 - Logfile created 15/02/2016 at 10:05:24
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Jim - MYCOMPUTER
# Running from : C:\Users\Jim\Desktop\adwcleaner_5.033.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\SweetLabs App Platform

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [713 bytes] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by Jim (Administrator) on 2016-02-15 at 10:10:07.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-02-15 at 10:14:10.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

needScan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Jim (administrator) on MYCOMPUTER (15-02-2016 10:17:58)
Running from C:\Users\Jim\Desktop
Loaded Profiles: Jim (Available Profiles: Jim)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13895912 2015-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2378488700-1762840117-2005590291-1001\...\Run: [Innova OBD PC-Link] => C:\Program Files (x86)\Innova OBD PC-Link\Innova.exe [76800 2015-03-31] (Innova Electronics Corp.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2015-12-29] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2015-12-29] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2015-12-29] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2015-12-29] (Webroot)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-09-07]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-09-07]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.254
Tcpip\..\Interfaces\{3e38309b-637b-475e-ae9c-9ea097d41353}: [DhcpNameServer] 192.168.100.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKU\S-1-5-21-2378488700-1762840117-2005590291-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/19
HKU\S-1-5-21-2378488700-1762840117-2005590291-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPCON14/19
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-12-18] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-12-18] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\1i8n3k6a.default
FF NewTab: www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-12-18]
FF Extension: Webroot Password Manager - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\1i8n3k6a.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-12-18]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-09-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [313584 2015-08-07] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-24] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [45104 2015-12-18] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 10:17 - 2016-02-15 10:18 - 00013397 _____ C:\Users\Jim\Desktop\FRST.txt
2016-02-15 10:14 - 2016-02-15 10:14 - 00000626 _____ C:\Users\Jim\Desktop\JRT.txt
2016-02-15 10:08 - 2016-02-15 10:09 - 01609032 _____ (Malwarebytes) C:\Users\Jim\Desktop\JRT.exe
2016-02-15 10:07 - 2016-02-15 10:07 - 00000791 _____ C:\Users\Jim\Desktop\AdwCleaner[C2].txt
2016-02-15 10:01 - 2016-02-15 10:01 - 01508352 _____ C:\Users\Jim\Downloads\adwcleaner_5.033(1).exe
2016-02-15 09:42 - 2016-02-15 09:54 - 00003992 _____ C:\Users\Jim\Desktop\Fixlog.txt
2016-02-14 23:58 - 2016-02-14 23:58 - 00000064 _____ C:\Users\Jim\Desktop\BCfixthread.txt
2016-02-14 23:43 - 2016-02-14 23:44 - 00031855 _____ C:\Users\Jim\Downloads\Addition.txt
2016-02-14 23:40 - 2016-02-15 10:17 - 00000000 ____D C:\FRST
2016-02-14 23:40 - 2016-02-14 23:44 - 00042374 _____ C:\Users\Jim\Downloads\FRST.txt
2016-02-14 23:40 - 2016-02-14 23:40 - 02370560 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe
2016-02-14 23:39 - 2016-02-14 23:39 - 01721344 _____ (Farbar) C:\Users\Jim\Downloads\FRST.exe
2016-02-14 23:35 - 2016-02-14 23:35 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jim\Downloads\revosetup.exe
2016-02-14 23:35 - 2016-02-14 23:35 - 00001348 _____ C:\Users\Jim\Desktop\Revo Uninstaller.lnk
2016-02-14 23:35 - 2016-02-14 23:35 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-14 23:35 - 2016-02-14 23:35 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-02-14 23:12 - 2016-02-15 10:05 - 00000000 ____D C:\AdwCleaner
2016-02-14 23:12 - 2016-02-14 23:12 - 01508352 _____ C:\Users\Jim\Desktop\adwcleaner_5.033.exe
2016-02-14 23:05 - 2016-02-15 10:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-14 23:04 - 2016-02-14 23:04 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-14 23:04 - 2016-02-14 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-14 23:04 - 2016-02-14 23:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-14 23:04 - 2016-02-14 23:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-14 23:04 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-14 23:04 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-14 23:04 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-14 23:03 - 2016-02-14 23:04 - 22908888 _____ (Malwarebytes ) C:\Users\Jim\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-02-14 23:02 - 2016-02-14 23:04 - 22908888 _____ (Malwarebytes ) C:\Users\Jim\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-14 11:38 - 2016-02-14 11:38 - 00370159 _____ C:\Users\Jim\Downloads\Reply to your
2016-02-14 11:38 - 2016-02-14 11:38 - 00370159 _____ C:\Users\Jim\Downloads\Reply to your
2016-02-11 23:04 - 2016-02-14 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-10 17:15 - 2016-02-10 17:15 - 01254071 _____ C:\Users\Jim\Downloads\Arbitration ruling re shift levelling.pdf
2016-02-10 07:03 - 2016-01-26 23:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 07:03 - 2016-01-26 23:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 07:03 - 2016-01-26 23:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 07:03 - 2016-01-26 23:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 07:03 - 2016-01-26 22:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 07:03 - 2016-01-26 22:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 07:03 - 2016-01-26 22:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 07:03 - 2016-01-26 22:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 07:02 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 07:02 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 07:02 - 2016-01-27 00:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 07:02 - 2016-01-27 00:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 07:02 - 2016-01-27 00:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 07:02 - 2016-01-27 00:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 07:02 - 2016-01-27 00:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 07:02 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 07:02 - 2016-01-26 23:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 07:02 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 07:02 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 07:02 - 2016-01-26 23:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 07:02 - 2016-01-26 23:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 07:02 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 07:02 - 2016-01-26 23:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 07:02 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 07:02 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 07:02 - 2016-01-26 23:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 07:02 - 2016-01-26 23:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 07:02 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 07:02 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 07:02 - 2016-01-26 23:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 07:02 - 2016-01-26 23:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 07:02 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 07:02 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 07:02 - 2016-01-26 23:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 07:02 - 2016-01-26 23:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 07:02 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 07:02 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 07:02 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 07:02 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 07:02 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 07:02 - 2016-01-26 23:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 07:02 - 2016-01-26 23:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 07:02 - 2016-01-26 23:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 07:02 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 07:02 - 2016-01-26 23:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 07:02 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 07:02 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 07:02 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 07:02 - 2016-01-26 22:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 07:02 - 2016-01-26 22:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 07:02 - 2016-01-26 22:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 07:02 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 07:02 - 2016-01-26 22:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 07:02 - 2016-01-26 22:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 07:02 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 07:02 - 2016-01-26 22:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 07:02 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 07:02 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 07:02 - 2016-01-26 22:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 07:02 - 2016-01-26 22:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 07:02 - 2016-01-26 22:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 07:02 - 2016-01-26 22:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 07:02 - 2016-01-26 22:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 07:02 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 07:02 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-02 12:26 - 2016-02-02 12:26 - 02089400 _____ C:\Users\Jim\Downloads\Bargaining for Beginners.pdf
2016-02-02 12:26 - 2016-02-02 12:26 - 00020206 _____ C:\Users\Jim\Downloads\bargaining_proposal.pdf
2016-02-02 12:25 - 2016-02-02 12:25 - 00030707 _____ C:\Users\Jim\Downloads\Victoria Hospital Trades Meeting Notice - 2016-2-11.pdf
2016-02-02 12:22 - 2016-02-02 12:23 - 00312852 _____ C:\Users\Jim\Downloads\Poster - 2016-2-11.pdf
2016-01-28 05:03 - 2016-01-16 00:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 05:03 - 2016-01-16 00:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 05:03 - 2016-01-15 23:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 05:03 - 2016-01-15 23:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 05:02 - 2016-01-16 00:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 05:02 - 2016-01-16 00:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 05:02 - 2016-01-16 00:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 05:02 - 2016-01-16 00:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 05:02 - 2016-01-16 00:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 05:02 - 2016-01-16 00:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 05:02 - 2016-01-16 00:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 05:02 - 2016-01-16 00:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 05:02 - 2016-01-16 00:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 05:02 - 2016-01-16 00:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 05:02 - 2016-01-16 00:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 05:02 - 2016-01-16 00:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 05:02 - 2016-01-16 00:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 05:02 - 2016-01-16 00:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 05:02 - 2016-01-16 00:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 05:02 - 2016-01-16 00:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 05:02 - 2016-01-15 23:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 05:02 - 2016-01-15 23:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 05:02 - 2016-01-15 23:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 05:02 - 2016-01-15 23:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 05:02 - 2016-01-15 23:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 05:02 - 2016-01-15 23:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 05:02 - 2016-01-15 23:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 05:02 - 2016-01-15 23:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 05:02 - 2016-01-15 23:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 05:02 - 2016-01-15 23:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 05:02 - 2016-01-15 23:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 05:02 - 2016-01-15 23:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 05:02 - 2016-01-15 23:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 05:02 - 2016-01-15 23:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 05:02 - 2016-01-15 23:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 05:02 - 2016-01-15 23:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 05:02 - 2016-01-15 23:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 05:02 - 2016-01-15 23:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 05:02 - 2016-01-15 23:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 05:02 - 2016-01-15 23:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 05:02 - 2016-01-15 23:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 05:02 - 2016-01-15 23:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 05:02 - 2016-01-15 23:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 05:02 - 2016-01-15 23:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 05:02 - 2016-01-15 23:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 05:02 - 2016-01-15 23:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 05:02 - 2016-01-15 23:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 05:02 - 2016-01-15 23:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 05:02 - 2016-01-15 23:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 05:02 - 2016-01-15 23:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 05:02 - 2016-01-15 23:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 05:02 - 2016-01-15 23:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 05:02 - 2016-01-15 23:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 05:02 - 2016-01-15 23:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 05:02 - 2016-01-15 23:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 05:02 - 2016-01-15 23:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 05:02 - 2016-01-15 23:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 05:02 - 2016-01-15 23:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 05:02 - 2016-01-15 23:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 05:02 - 2016-01-15 23:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 05:02 - 2016-01-15 23:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 05:02 - 2016-01-15 23:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 05:02 - 2016-01-15 23:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 05:02 - 2016-01-15 23:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 05:02 - 2016-01-15 23:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 05:02 - 2016-01-15 23:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 05:02 - 2016-01-15 23:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 05:02 - 2016-01-15 23:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 05:02 - 2016-01-15 23:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 05:02 - 2016-01-15 23:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 05:02 - 2016-01-15 23:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 05:02 - 2016-01-15 23:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 05:02 - 2016-01-15 23:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 05:02 - 2016-01-15 23:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 05:02 - 2016-01-15 23:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 05:02 - 2016-01-15 23:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 05:02 - 2016-01-15 23:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 05:02 - 2016-01-15 23:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 05:02 - 2016-01-15 23:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 05:02 - 2016-01-15 23:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 05:02 - 2016-01-15 23:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 05:02 - 2016-01-15 23:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 05:02 - 2016-01-15 23:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 05:02 - 2016-01-15 23:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 05:02 - 2016-01-15 23:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 05:02 - 2016-01-15 23:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 05:02 - 2016-01-15 23:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 05:02 - 2016-01-15 23:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 05:02 - 2016-01-15 23:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 05:02 - 2016-01-15 23:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 05:02 - 2016-01-15 23:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 05:02 - 2016-01-15 23:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 05:02 - 2016-01-15 23:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 05:02 - 2016-01-15 23:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 05:02 - 2016-01-15 23:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 05:02 - 2016-01-15 23:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 05:02 - 2016-01-15 23:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 05:02 - 2016-01-15 23:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 05:02 - 2016-01-15 23:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 05:02 - 2016-01-15 23:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 10:13 - 2015-12-12 03:05 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-15 10:13 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-15 10:07 - 2015-10-17 10:33 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-15 10:06 - 2015-12-12 03:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-15 10:05 - 2015-12-12 03:01 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-02-15 10:05 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-15 09:50 - 2015-10-17 10:33 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-15 09:40 - 2015-10-14 18:10 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C4730139-27BF-4A18-A563-B893293124E1}
2016-02-14 23:27 - 2014-09-16 14:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-14 21:17 - 2015-02-27 19:44 - 00000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJim.job
2016-02-14 21:16 - 2014-09-16 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-14 12:26 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-13 19:33 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-12 08:25 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-11 11:47 - 2015-02-27 19:44 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJim
2016-02-11 10:06 - 2014-09-10 17:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-11 10:00 - 2014-09-10 17:07 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-11 03:34 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 03:31 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 15:19 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 00:06 - 2015-09-07 10:24 - 00000000 ____D C:\ProgramData\WRData
2016-02-03 13:01 - 2015-10-30 01:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 13:01 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 17:45 - 2015-10-17 10:33 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 17:45 - 2015-10-17 10:33 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 03:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-22 04:31 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 04:29 - 2015-01-26 14:04 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2015-09-07 10:25 - 2015-12-18 10:28 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe

Some files in TEMP:
====================
C:\Users\Jim\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-07 15:44

==================== End of FRST.txt ============================



#5 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:07:39 AM

Posted 15 February 2016 - 11:41 AM

We seem to be rid of the homepage hijack!

Good.

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Can you tell me if there are any outstanding problems.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 NightTrain87

NightTrain87
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 15 February 2016 - 12:54 PM

MBAM scan identified 0 threats! I think we're good, thank you very much for your time and expertise!



#7 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:07:39 AM

Posted 15 February 2016 - 05:47 PM

No problem.

 

I'll send instructions to tidy up plus a few recommendations but it'll be tomorrow as I'm a bit tied up tonight, (GMT).

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:07:39 AM

Posted 16 February 2016 - 07:52 AM

Your computer appears to be clean.

 

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe

 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransome. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 NightTrain87

NightTrain87
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:12:39 AM

Posted 17 February 2016 - 01:22 PM

while trying to run delfix my webroot security blocked it, classifying it as w32.malware.gen

 

any idea why this is? is it some sort of false positive?



#10 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:07:39 AM

Posted 17 February 2016 - 03:49 PM

Yes.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:07:39 AM

Posted 18 February 2016 - 04:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users