Help with my sister's laptop


  • This topic is locked
60 replies to this topic

#1 PatL
Posted 19 March 2015 - 11:19 PM

So my sister has a Windows 8 laptop and wants to know if there are any infections on it and what can safely be uninstalled. She particularly would like to know if OneDrive and OneNote can be removed without jeopardizing the OS. Would someone be kind enough to help us with this? Also, I ran FRST on her comp; may anyone help us with a fixlist?

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015 (ATTENTION: ====> FRST version is 17 days old and could be outdated)
Ran by Angela (administrator) on ANGELA on 19-03-2015 20:49:05
Running from C:\Users\Angela\Desktop\Security Programs
Loaded Profiles: UpdatusUser & Angela (Available profiles: UpdatusUser & Angela & alechner831)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\FileManager\FileManager.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-10] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found
Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
URLSearchHook: [S-1-5-21-4204859643-4009438992-3315869148-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4204859643-4009438992-3315869148-1002 -> {7B6EFEF5-D5E7-4702-9B31-BBD18869E868} URL =
SearchScopes: HKU\S-1-5-21-4204859643-4009438992-3315869148-1002 -> {F0450F95-465B-48D1-82E1-A974D16E8423} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [anmphbplcihjjkljdofccokpafageioj] - C:\Users\Angela\AppData\Local\Lucky Savings\Chrome\Lucky Savings.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-10] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-05] (Windows ® 2003 DDK 3790 provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-17] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 20:48 - 2015-03-19 20:49 - 00000000 ____D () C:\FRST
2015-03-19 20:26 - 2015-03-19 20:29 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2015-03-19 20:26 - 2015-03-19 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2015-03-19 20:18 - 2015-03-19 20:18 - 00016314 _____ () C:\Users\Angela\Documents\cc_20150319_201828.reg
2015-03-19 20:17 - 2015-03-19 20:18 - 00256470 _____ () C:\Users\Angela\Documents\cc_20150319_201716.reg
2015-03-19 20:14 - 2015-03-19 20:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-17 16:53 - 2015-01-28 18:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-17 16:53 - 2015-01-28 18:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-17 16:52 - 2015-02-02 17:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-17 16:52 - 2015-02-02 17:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-17 16:52 - 2015-01-29 19:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-17 16:52 - 2015-01-29 19:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-17 16:52 - 2015-01-29 18:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-17 16:52 - 2015-01-29 18:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-17 16:52 - 2015-01-29 18:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-17 16:52 - 2015-01-27 19:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-17 16:52 - 2015-01-27 18:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-17 16:52 - 2014-12-10 22:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-17 16:52 - 2014-10-28 18:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-17 16:15 - 2015-03-17 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-17 16:04 - 2015-03-17 16:04 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2015-03-17 16:04 - 2015-03-17 16:04 - 00000000 ____D () C:\Users\TEMP
2015-03-17 16:04 - 2015-02-23 14:18 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-17 16:04 - 2014-09-20 17:41 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-17 16:04 - 2014-05-25 05:23 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2015-03-17 16:04 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-17 16:04 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-17 16:04 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-17 16:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-17 15:58 - 2015-03-17 15:58 - 00248728 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\70277734.sys
2015-03-17 15:42 - 2015-03-17 15:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-17 15:42 - 2015-03-17 15:42 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-03-17 15:21 - 2015-03-17 15:27 - 00000000 ____D () C:\AdwCleaner
2015-03-12 18:54 - 2015-03-05 19:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-12 18:54 - 2015-03-05 19:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-12 18:54 - 2015-02-25 16:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-12 18:54 - 2015-02-19 20:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-12 18:54 - 2015-02-19 19:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-12 18:54 - 2015-02-19 19:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-12 18:54 - 2015-02-19 19:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-12 18:54 - 2015-01-30 16:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-12 18:54 - 2015-01-28 08:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-12 18:54 - 2015-01-28 08:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-12 18:54 - 2015-01-28 08:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-12 18:54 - 2015-01-26 21:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-12 18:54 - 2015-01-26 19:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-12 18:54 - 2014-10-28 20:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-12 18:54 - 2014-10-28 19:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-12 18:54 - 2014-10-28 19:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-12 18:54 - 2014-10-28 19:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-12 18:54 - 2014-10-28 19:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-12 18:54 - 2014-10-28 19:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-12 18:54 - 2014-10-28 19:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-12 18:54 - 2014-10-28 19:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-12 18:53 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-12 18:53 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-12 18:53 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-12 18:53 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-12 18:52 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-12 18:52 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-12 18:52 - 2015-02-20 17:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-12 18:52 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-12 18:52 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-12 18:52 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-12 18:52 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-12 18:52 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-12 18:52 - 2015-02-19 19:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-12 18:52 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-12 18:52 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-12 18:52 - 2015-02-19 19:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-12 18:52 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-12 18:52 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-12 18:52 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-12 18:52 - 2015-02-19 18:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-12 18:52 - 2015-02-19 18:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-12 18:52 - 2015-02-19 18:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-12 18:52 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-12 18:52 - 2015-02-19 18:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-12 18:52 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-12 18:52 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-12 18:52 - 2015-02-19 18:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-12 18:52 - 2015-02-19 18:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-12 18:52 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-12 18:52 - 2015-02-19 18:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-12 18:52 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-12 18:52 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-12 18:52 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-12 18:52 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-12 18:52 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-12 18:52 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-12 18:52 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-12 18:51 - 2015-01-29 11:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-12 18:51 - 2015-01-29 11:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-12 18:46 - 2015-01-27 18:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-12 18:46 - 2015-01-27 18:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-12 18:45 - 2015-02-12 10:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-12 18:45 - 2015-02-12 10:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-12 18:45 - 2015-01-20 22:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-12 18:45 - 2015-01-20 22:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-12 18:25 - 2015-03-12 18:25 - 00000000 ___RD () C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-09 21:17 - 2013-08-22 04:10 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserAccountControlSettings - Copy.exe
2015-03-09 14:52 - 2015-03-09 14:52 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-09 14:51 - 2013-09-13 13:13 - 02214216 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-03-09 14:38 - 2015-03-09 14:38 - 00000000 ____D () C:\Users\alechner831\AppData\Roaming\Apple Computer
2015-03-09 14:38 - 2015-03-09 14:38 - 00000000 ____D () C:\Users\alechner831\AppData\Local\Apple Computer
2015-03-03 20:58 - 2015-03-04 12:11 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A9CEAB4A-F7D9-4CF0-BFB7-56C9936C8904}
2015-03-03 20:58 - 2015-03-03 20:58 - 00000000 __SHD () C:\Users\alechner831\AppData\Local\EmieUserList
2015-03-03 20:58 - 2015-03-03 20:58 - 00000000 __SHD () C:\Users\alechner831\AppData\Local\EmieSiteList
2015-03-03 20:58 - 2015-03-03 20:58 - 00000000 __SHD () C:\Users\alechner831\AppData\Local\EmieBrowserModeList
2015-03-03 20:58 - 2015-03-03 20:58 - 00000000 ____D () C:\Users\alechner831\AppData\Roaming\Macromedia
2015-03-03 00:21 - 2015-03-03 00:21 - 00000000 ____D () C:\Users\Angela\Documents\OneNote Notebooks
2015-03-03 00:10 - 2015-03-03 00:10 - 00000000 _____ () C:\Users\alechner831\agent.log
2015-03-02 23:59 - 2015-03-02 23:59 - 00000000 ____D () C:\Users\alechner831\AppData\Local\Samsung
2015-03-02 10:44 - 2015-03-02 10:44 - 00001216 _____ () C:\Users\alechner831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2015-02-28 05:31 - 2015-03-09 14:42 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4204859643-4009438992-3315869148-1007
2015-02-28 05:24 - 2015-02-28 05:30 - 00000000 ____D () C:\Users\alechner831\AppData\Local\Packages
2015-02-28 05:24 - 2015-02-28 05:24 - 00001446 _____ () C:\Users\alechner831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-28 05:24 - 2015-02-28 05:24 - 00000000 ____D () C:\Users\alechner831\AppData\Roaming\Adobe
2015-02-28 05:24 - 2015-02-28 05:24 - 00000000 ____D () C:\Users\alechner831\AppData\Local\VirtualStore
2015-02-28 05:23 - 2015-03-03 00:10 - 00000000 ____D () C:\Users\alechner831
2015-02-28 05:23 - 2015-02-28 05:23 - 00000020 ___SH () C:\Users\alechner831\ntuser.ini
2015-02-28 05:23 - 2015-02-23 14:18 - 00000000 ___RD () C:\Users\alechner831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-28 05:23 - 2014-09-20 17:41 - 00000000 ___RD () C:\Users\alechner831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-28 05:23 - 2014-05-25 05:23 - 00000000 ____D () C:\Users\alechner831\AppData\Local\Microsoft Help
2015-02-28 05:23 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\alechner831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-28 05:23 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\alechner831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-28 05:23 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\alechner831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-28 05:23 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\alechner831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-28 04:44 - 2015-03-19 18:21 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5E7F1D5A-80E6-488D-81CA-9529BF774BB6}
2015-02-28 04:20 - 2014-12-13 14:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-28 04:20 - 2014-12-13 14:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-28 04:20 - 2014-10-28 18:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-28 04:20 - 2014-10-28 18:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-28 04:20 - 2014-10-28 18:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-28 04:20 - 2014-10-28 18:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-27 17:16 - 2015-02-27 17:16 - 00002171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linksys Connect.lnk
2015-02-27 17:15 - 2015-02-27 17:15 - 00000000 ____D () C:\Program Files (x86)\Linksys
2015-02-27 17:05 - 2015-02-27 17:07 - 23482448 _____ (Belkin International, Inc.) C:\Users\Angela\Downloads\LinksysConnect.E2500.1.5.14350.0.exe
2015-02-23 14:48 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-23 14:48 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-23 14:48 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-23 14:48 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-23 14:48 - 2014-10-28 19:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-23 14:48 - 2014-10-28 19:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-23 14:48 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-23 14:48 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-23 14:48 - 2014-10-28 18:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-23 14:47 - 2014-12-19 01:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-23 14:47 - 2014-12-19 01:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-23 14:46 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-23 14:46 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-23 14:46 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-23 14:46 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-23 14:46 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-23 14:46 - 2014-12-08 18:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-23 14:46 - 2014-12-08 16:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-23 14:46 - 2014-10-28 19:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-23 14:46 - 2014-10-28 19:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-23 14:46 - 2014-10-28 18:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-23 14:46 - 2014-10-28 18:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-23 14:46 - 2014-10-28 18:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-23 14:46 - 2014-10-28 18:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-23 14:46 - 2014-10-28 18:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-23 14:46 - 2014-10-28 18:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-23 14:45 - 2015-02-03 16:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-23 14:45 - 2015-02-03 16:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-23 14:45 - 2015-02-03 16:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-23 14:45 - 2015-02-02 16:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-23 14:45 - 2015-02-02 16:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-23 14:45 - 2015-02-02 16:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-23 14:45 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-19 23:18 - 2015-02-19 23:18 - 00000186 _____ () C:\Users\Angela\MSI69559.LOG
2015-02-19 23:14 - 2015-02-19 23:14 - 00000000 ____D () C:\WINDOWS\system32\%windir%
2015-02-19 23:12 - 2015-02-19 23:12 - 00000000 ____D () C:\Users\Angela\frozen-genpy-27
2015-02-19 17:51 - 2015-02-20 01:47 - 00000000 ____D () C:\Users\Angela\msdt
2015-02-19 14:31 - 2015-02-19 14:32 - 00000778 _____ () C:\Users\Angela\MSI69558.LOG
2015-02-19 14:28 - 2015-02-19 14:28 - 00000778 _____ () C:\Users\Angela\MSI69557.LOG
2015-02-19 14:28 - 2015-02-19 14:28 - 00000778 _____ () C:\Users\Angela\MSI69556.LOG
2015-02-19 14:27 - 2015-02-19 14:27 - 00000778 _____ () C:\Users\Angela\MSI69555.LOG
2015-02-18 00:09 - 2015-02-18 00:09 - 00007603 _____ () C:\Users\Angela\AppData\Local\Resmon.ResmonCfg
2015-02-17 23:29 - 2015-02-17 23:29 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\Arduino15
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 20:39 - 2012-10-27 19:38 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4204859643-4009438992-3315869148-1002
2015-03-19 20:29 - 2014-05-25 05:14 - 00000000 ____D () C:\Users\Angela
2015-03-19 20:29 - 2012-11-14 15:04 - 00000000 ____D () C:\Users\Angela\Desktop\iTunes
2015-03-19 20:29 - 2012-08-05 15:44 - 00000000 ____D () C:\WINDOWS\Sec
2015-03-19 20:21 - 2014-05-25 05:37 - 01720293 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-19 20:16 - 2014-11-19 14:31 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-19 20:16 - 2014-05-25 06:04 - 00000000 ___DC () C:\WINDOWS\Panther
2015-03-19 20:16 - 2013-01-20 18:44 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\Azureus
2015-03-19 20:16 - 2012-10-28 11:12 - 00000000 ____D () C:\Users\Angela\AppData\Local\CrashDumps
2015-03-19 20:11 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-19 19:28 - 2014-05-19 09:18 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 19:22 - 2014-03-18 03:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-18 13:26 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-17 19:29 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-17 19:27 - 2013-08-12 11:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-17 19:18 - 2012-12-18 15:07 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-17 16:07 - 2014-05-19 09:18 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-17 16:02 - 2014-05-25 06:59 - 00000000 __RDO () C:\Users\Angela\OneDrive
2015-03-17 16:02 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-17 16:01 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-17 15:46 - 2012-08-22 21:03 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-17 15:29 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-12 19:09 - 2012-10-28 01:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 16:50 - 2012-10-27 19:27 - 00000000 ____D () C:\Users\Angela\AppData\Local\Packages
2015-03-09 15:05 - 2012-08-22 21:09 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-03-09 14:52 - 2014-10-20 08:59 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-09 14:52 - 2014-10-20 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-09 14:52 - 2014-10-20 08:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-04 14:24 - 2014-07-28 17:08 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 14:24 - 2014-07-28 17:08 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-04 12:45 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-03 06:17 - 2012-12-18 15:24 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-03 05:54 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-28 05:26 - 2012-10-27 19:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-02-28 04:19 - 2014-11-28 02:18 - 00000000 ____D () C:\ProgramData\UAB
2015-02-23 15:23 - 2014-12-28 14:56 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-23 15:23 - 2014-07-28 16:27 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-23 14:20 - 2014-10-20 08:57 - 00000000 ____D () C:\Program Files\iTunes
2015-02-23 14:20 - 2014-02-25 13:09 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2015-02-23 14:18 - 2014-05-25 05:14 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-23 14:18 - 2014-05-25 05:14 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-23 14:18 - 2014-02-25 17:10 - 00000000 ____D () C:\ProgramData\Atheros
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\WinMetadata
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-23 14:18 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-23 14:18 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-23 14:18 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-02-23 14:17 - 2014-05-25 05:14 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-23 14:17 - 2014-05-25 05:14 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-23 14:17 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-23 14:17 - 2012-11-14 23:11 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-23 14:17 - 2012-10-28 11:07 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-23 14:01 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-23 13:54 - 2014-10-20 08:57 - 00000000 ____D () C:\Program Files\iPod
2015-02-23 13:54 - 2012-10-28 11:06 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 13:53 - 2012-10-28 01:34 - 00000000 __RHD () C:\MSOCache
2015-02-18 16:18 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2015-02-18 00:09 - 2015-02-18 00:09 - 0007603 _____ () C:\Users\Angela\AppData\Local\Resmon.ResmonCfg
2012-10-28 11:35 - 2012-10-28 11:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-11 13:10 - 2014-08-11 13:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-21 10:21 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-03-21 10:21 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-17 19:11

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Angela at 2015-03-19 20:49:59
Running from C:\Users\Angela\Desktop\Security Programs
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4415.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Manager (HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\DriverManager) (Version: 9.1.4.44 - PC Drivers HeadQuarters LP)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14350.0 - Linksys LLC)
Lucky Savings Widget (HKLM-x32\...\{6C7152EF-77D6-4CEE-A84F-2C4FB5C5DCE0}) (Version: 1.6.1.677 - Linkury Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
NVIDIA Graphics Driver 305.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.46 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.18 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.50 - Samsung Electronics CO., LTD.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{4F1936F8-82B4-437E-BC47-FAB9136A04B2}) (Version: 2.2.2 - Samsung Electronics CO., LTD.)
System Ninja version 3.0.5 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.5 - SingularLabs)
User Guide (HKLM-x32\...\{039EA659-E421-45C6-8913-BED5D69B5536}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-02-2015 13:45:33 Restore Operation
28-02-2015 04:24:56 Windows Update
04-03-2015 17:19:10 Windows Update
09-03-2015 14:53:54 Removed Bonjour
12-03-2015 19:00:35 Windows Update
17-03-2015 19:14:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B11DE66-5B2E-4F73-81F1-6A11DD1E4A10} - System32\Tasks\{F8AD866A-12BF-4DCB-B970-E73969EC7E14} => pcalua.exe -a D:\Tuning_Mode_Install\setup.exe -d D:\Tuning_Mode_Install
Task: {3B91F900-5B7B-448F-BF2E-336E82217199} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-10] (Samsung Electronics CO., LTD.)
Task: {44FE2069-8E16-4961-978F-86D867BCA698} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5DF11220-652B-41C3-8582-3571713C85A0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6C1A5381-C110-4E1A-8B66-6E788920FEF7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
Task: {7D48B89A-01EE-4008-B3C6-2FAF7AF7C2F3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {807E7050-E1D5-45B6-9778-72C7938C4F9C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8A9D856A-20D2-460C-AEDC-A599935959E8} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {939DBF6C-37B3-4571-973A-501F3A8AC498} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4204859643-4009438992-3315869148-1002
Task: {98C6C990-DD5D-467B-B9DC-B84FFF6C3AE4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {B65624C5-C160-465A-B50F-7B61AB32EDF4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {C5B2C06E-5046-4AB3-A12D-C07CE81F061D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {EBCA7770-06F7-4DCC-ADD7-241B32493A6E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-17] (Microsoft Corporation)
Task: {FBDF9521-4098-4685-A7C2-1549C0F7D1F9} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2014-11-12] (SEC)

==================== Loaded Modules (whitelisted) ==============

2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-01-07 02:29 - 2014-01-07 02:29 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-07 02:26 - 2014-01-07 02:26 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-07 02:32 - 2014-01-07 02:32 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-10-10 21:35 - 2014-10-10 21:35 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-08-11 12:40 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Angela\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44554520.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44554520.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Angela\Pictures\hawaii vacay resized\hawaiius1.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Photosmart 7520 series (NET) => "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2832B33V05VV:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\StartupApproved\Run: => "Quick Starter"
HKU\S-1-5-21-4204859643-4009438992-3315869148-1002\...\StartupApproved\Run: => "HP Photosmart 7520 series (NET)"

==================== Accounts: =============================

Administrator (S-1-5-21-4204859643-4009438992-3315869148-500 - Administrator - Disabled)
alechner831 (S-1-5-21-4204859643-4009438992-3315869148-1007 - Administrator - Enabled) => C:\Users\alechner831
Angela (S-1-5-21-4204859643-4009438992-3315869148-1002 - Administrator - Enabled) => C:\Users\Angela
Guest (S-1-5-21-4204859643-4009438992-3315869148-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-4204859643-4009438992-3315869148-1001 - Limited - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-19 20:41:26.484
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-19 20:41:26.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-18 12:53:50.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-18 12:53:47.656
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-17 23:36:23.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-17 23:36:23.807
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-17 23:36:23.619
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-17 23:36:23.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-17 23:36:23.291
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-17 23:36:23.135
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 32%
Total physical RAM: 3797.53 MB
Available physical RAM: 2566.05 MB
Total Pagefile: 4885.54 MB
Available Pagefile: 2999.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.91 GB) (Free:353.92 GB) NTFS
Drive d: (Security) (CDROM) (Total:0.69 GB) (Free:0.59 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B0418F27)

Partition: GPT Partition Type.

==================== End Of Log ============================


Edited by hamluis, 20 March 2015 - 04:26 AM.
Moved from AII to Malware Removal Logs - Hamluis.




#2 PatL

PatL
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:06:27 AM

Posted 20 March 2015 - 11:49 AM

P.S.

 

She believes her computer was accessed remotely without her consent. Does anything in her logs confirm or disprove her concerns?



#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:09:27 PM

Posted 22 March 2015 - 10:41 AM

Hello PatL and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first. That may delay our fix a bit, but I will normally reply back within 24 hours.

 

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right-hand corner of the topic you will see the Follow this topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

About your Remote Access concerns, I will check it for you.

 

I've submitted my next steps to my instructor, please wait a bit.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#4 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:09:27 PM

Posted 22 March 2015 - 11:56 AM

Hi PatL.

 

For OneDrive:

 

OneDrive is integrated into Windows 8.1 and can't be removed, but you can disable it by following this Microsoft guide.

 

For OneNote:

 

Please disable the startup entry called OneNote 2010 Screen Clipper and Launcher.

 

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

-------------

 

Thank you.




#5 PatL

Posted 22 March 2015 - 11:12 PM

Thanks for the help. We ran AdwCleaner, but unfortunately she had to head home and took her laptop, so I can't acquire any logs at this moment. AdwCleaner did remove several things, such as Driver Manager, though, as I recall.



#6 Sirawit

Posted 23 March 2015 - 02:20 AM

OK. Please reply to this topic when the laptop is back. :)

 

Thank you.




#7 PatL

Posted 23 March 2015 - 05:04 PM

I got her to run AdwCleaner over the phone and e-mail me the logs. Here are the results/clean from the first time we ran it and the results/clean from today. What next?

 

Adwcleaner Logs:

 

# AdwCleaner v4.112 - Logfile created 17/03/2015 at 15:21:27
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Angela - ANGELA
# Running from : C:\Users\Angela\Desktop\Security Programs\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\Driver Manager
Folder Found : C:\ProgramData\PC Drivers HeadQuarters
Folder Found : C:\Users\Angela\AppData\Local\Driver Manager
Folder Found : C:\Users\Angela\AppData\Local\torch
Folder Found : C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Manager

***** [ Scheduled tasks ] *****

Task Found : Driver Detective-RTMUpdater
Task Found : Driver Detective-RTMScan
Task Found : Driver Detective-RTMRules
Task Found : Driver Manager-RTMUpdater
Task Found : Driver Manager-RTMRules
Task Found : Driver Manager-RTMScan

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DriverSupport
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\torch
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\DriverSupport
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\torch
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122272259}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276659}
Key Found : HKLM\SOFTWARE\torch
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276659}
Key Found : [x64] HKLM\SOFTWARE\DriverSupport
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3632 bytes] - [17/03/2015 15:21:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3691 bytes] ##########

 

2nd Scan done today at 2:41:45

 

# AdwCleaner v4.113 - Logfile created 23/03/2015 at 14:41:45
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Angela - ANGELA
# Running from : C:\Users\Angela\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3826 bytes] - [17/03/2015 15:21:27]
AdwCleaner[R1].txt - [740 bytes] - [23/03/2015 14:41:45]
AdwCleaner[S0].txt - [3784 bytes] - [17/03/2015 15:26:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [857 bytes] ##########

 

I'll wait for the next step.



#8 Sirawit

Posted 24 March 2015 - 02:55 AM

Hi PatL.

 

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

-------------

After the fix is completed, please create a new FRST log for me.

 

Thank you.




#9 PatL

Posted 26 March 2015 - 09:35 PM

Hi Sirawit,

 

I apologize for the late reply. Here is the AdwCleaner report log you wanted, and I am waiting on the new FRST & Addition logs at the moment. I will post them when I receive them.

 

AdwCleaner:

 

# AdwCleaner v4.113 - Logfile created 23/03/2015 at 14:57:55
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Angela - ANGELA
# Running from : C:\Users\Angela\Downloads\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v

*************************
AdwCleaner[R0].txt - [3826 bytes] - [17/03/2015 15:21:27]
AdwCleaner[R1].txt - [935 bytes] - [23/03/2015 14:41:45]
AdwCleaner[S0].txt - [3784 bytes] - [17/03/2015 15:26:56]
AdwCleaner[S1].txt - [865 bytes] - [23/03/2015 14:57:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [923  bytes] ##########



#10 Sirawit

Posted 28 March 2015 - 12:36 PM

OK. :)



#11 Sirawit

Posted 31 March 2015 - 11:21 AM

Are you still there?

 

Thank you.




#12 PatL

Posted 01 April 2015 - 08:45 AM

Hey, I'm still here. My sister is bringing her laptop down in two days to let me run whatever tests you'd like. I already know we need the updated FRST log. Is there anything else you'd want that I can download and run right after, so there isn't too long of a delay in your instructions for when I have the computer?



#13 Sirawit

Posted 01 April 2015 - 08:49 AM

Hi PatL.

 

I can wait, just get the FRST logs for me when the machine is back. :)

 

Thank you.




#14 PatL

Posted 04 April 2015 - 02:32 AM

Hey Sirawit,

 

I'll get the FRST log by tomorrow morning/afternoon.



#15 PatL

Posted 05 April 2015 - 11:41 AM

Hi Sirawit,

 

Alas, my sister seems unwilling to let me help her, and download/run FRST, without really giving me any reason. So since it isn't my computer and I can't make anyone do anything, why don't we go ahead and close the topic. If she feels like working with us sometime in the future, I'll PM you and we can re-open the topic. Sound good?





