Bobrowser redirects, Pup programs, norton uninstall leftovers



#1 Jerhyn

Posted 19 March 2016 - 06:36 PM

This is a friend's laptop. On 5/16/2015 several PUP programs were downloaded.

The worst were Bobrowser, desktop search, One system care, gamesdesktop, Wewatcher, Pro pc care.

The system slowed to a crawl and web searches were constantly redirected.

Bootup and shutdown varied between 20 minutes and 2 hours.

 

About 2 months ago someone tried deleting a few files, but there was no improvement.

I first checked for firewall and AV software.

There was an out-of-date Norton AV that was disabled.

Windows Defender looked to be on.

I uninstalled Norton with the normal program uninstall, but several Norton services are still running.

I tried uninstalling the PUPs listed but 3 resisted removal.

I tried to download several tools but the browser kept redirecting away from the BC, Emsisoft and Malwarebytes sites.

I loaded tools on a USB from my clean PC.

I unplugged the net, restarted the sick laptop in safe mode, ran RKill, then installed Emsisoft Anti-Malware from the USB.

EAM identified 19 PUPs and tried to quarantine them.

MBAM was run and identified the same PUPs plus 2000 related files.

These were set to quarantine.

No specific viruses or worms were reported.

During one of the reboots Windows attempted a large update but failed; the restore took 2 hours and reset several thousand files.

The system now starts faster, and allows scans to run.

But there are remnants of Norton and PUP files remaining.

I ran an OTL set to 365 days, which shows the 5/16/2015 timeframe where these PUPs started.

 

 

Thank you in advance.

Jerry

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Julia (administrator) on JULIA-HP (20-03-2016 15:12:27)
Running from F:\
Loaded Profiles: Julia (Available Profiles: Julia & Emily)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\dldtcoms.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-12] (Realtek Semiconductor)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9239064 2016-02-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-818623811-3538644614-206704559-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Julia\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Julia\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Julia\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Julia\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Julia\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Julia\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-04] (Microsoft Corporation)
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-03-19] ()
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2016-03-20]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\WeWatcherLSP64.dll No File
Winsock: Catalog9-x64 02 C:\Windows\system32\WeWatcherLSP64.dll No File
Winsock: Catalog9-x64 03 C:\Windows\system32\WeWatcherLSP64.dll No File
Winsock: Catalog9-x64 04 C:\Windows\system32\WeWatcherLSP64.dll No File
Winsock: Catalog9-x64 15 C:\Windows\system32\WeWatcherLSP64.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226 192.168.1.1
Tcpip\..\Interfaces\{125D8691-AD90-46D6-A479-D3205ABA158B}: [DhcpNameServer] 192.168.0.1 205.171.2.226 192.168.1.1
Tcpip\..\Interfaces\{BB82A13D-4E0A-49F8-939C-49C5A743F72B}: [DhcpNameServer] 192.168.0.1 205.171.2.226 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-818623811-3538644614-206704559-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/hpnot13/1
HKU\S-1-5-21-818623811-3538644614-206704559-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-13] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-13] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-13] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\h4ueyp1c.default
FF Homepage: www.google.com
www.yahoo.com
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\h4ueyp1c.default\user.js [2015-12-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10970064 2016-02-26] (Emsisoft Ltd)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 dldt_device; C:\Windows\system32\dldtcoms.exe [1044648 2009-07-09] ( )
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-12] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\System32\DRIVERS\amdkmcsp.sys [81096 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [233672 2014-02-24] (Advanced Micro Devices, Inc. )
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S4 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-04] (Symantec Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
S4 cpuz134; \??\C:\Users\Julia\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S4 SmbDrv; \SystemRoot\system32\drivers\Smb_driver_AMDASF.sys [X]
S4 SmbDrvI; \SystemRoot\system32\drivers\Smb_driver_Intel.sys [X]
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-20 15:12 - 2016-03-20 15:12 - 00000000 ____D C:\FRST
2016-03-19 06:58 - 2016-03-19 06:58 - 00000000 ____D C:\ProgramData\Sophos
2016-03-19 06:57 - 2016-03-19 06:57 - 00003205 _____ C:\Users\Julia\Desktop\Sophos Virus Removal Tool.lnk
2016-03-19 06:57 - 2016-03-19 06:57 - 00000000 ____D C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2016-03-19 06:57 - 2016-03-19 06:57 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-03-19 06:33 - 2016-03-19 06:33 - 00000000 ____D C:\ProgramData\Cisco Systems
2016-03-19 04:26 - 2016-03-19 05:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-19 04:25 - 2016-03-19 05:03 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-19 04:25 - 2016-03-19 05:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-19 04:25 - 2016-03-19 05:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-19 04:25 - 2016-03-19 04:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-19 04:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-19 04:25 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-19 04:25 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-19 04:11 - 2016-03-19 06:48 - 00026069 _____ C:\Users\Julia\Desktop\dds.txt
2016-03-19 04:11 - 2016-03-19 06:48 - 00017633 _____ C:\Users\Julia\Desktop\attach.txt
2016-03-19 03:19 - 2016-03-19 03:20 - 00001444 _____ C:\Users\Julia\Desktop\Rkill.txt
2016-03-17 22:30 - 2016-03-17 22:30 - 00000000 ____D C:\Users\Emily\AppData\Local\Apple
2016-03-15 14:39 - 2016-02-19 12:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-15 14:39 - 2016-02-19 11:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-15 14:39 - 2016-02-19 07:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-15 14:39 - 2016-02-11 07:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-15 14:39 - 2016-02-05 07:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-15 14:39 - 2016-02-05 07:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-15 14:39 - 2016-02-05 07:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-15 01:47 - 2016-03-15 01:47 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Adobe
2016-03-15 01:46 - 2016-03-15 01:46 - 00000000 ____D C:\Users\Emily\AppData\Local\Power2Go8
2016-03-15 01:45 - 2016-03-15 01:45 - 00000000 ____D C:\Users\Emily\AppData\Local\VirtualStore
2016-03-15 01:44 - 2016-03-15 01:44 - 00000020 ___SH C:\Users\Emily\ntuser.ini
2016-03-15 01:44 - 2016-03-15 01:44 - 00000000 _SHDL C:\Users\Emily\My Documents
2016-03-15 01:44 - 2016-03-15 01:44 - 00000000 _SHDL C:\Users\Emily\Documents\My Videos
2016-03-15 01:44 - 2016-03-15 01:44 - 00000000 _SHDL C:\Users\Emily\Documents\My Pictures
2016-03-15 01:44 - 2016-03-15 01:44 - 00000000 _SHDL C:\Users\Emily\Documents\My Music
2016-03-15 01:44 - 2016-03-15 01:44 - 00000000 ____D C:\Users\Emily
2016-03-15 01:44 - 2015-01-29 18:13 - 00002100 _____ C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-15 01:44 - 2014-11-27 19:33 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Media Center Programs
2016-03-15 01:44 - 2014-05-16 07:13 - 00000000 ___HD C:\Users\Emily\Documents\hp.system.package.metadata
2016-03-15 01:44 - 2014-05-16 07:13 - 00000000 ___HD C:\Users\Emily\Documents\hp.applications.package.appdata
2016-03-13 21:33 - 2016-03-13 21:37 - 00000000 ____D C:\Users\Julia\AppData\Roaming\WinPatrol
2016-03-13 21:28 - 2016-03-13 21:28 - 00003300 _____ C:\Windows\System32\Tasks\TitaniumInstaller
2016-03-13 21:26 - 2016-03-13 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-03-13 21:26 - 2016-03-13 21:26 - 00000000 ____D C:\ProgramData\InstallMate
2016-03-13 21:26 - 2016-03-13 21:26 - 00000000 ____D C:\Program Files (x86)\Ruiware
2016-03-13 21:18 - 2016-03-13 21:18 - 01292424 _____ (Ruiware) C:\Users\Julia\Downloads\wpsetup(1).exe
2016-03-13 21:16 - 2016-03-13 21:16 - 01292424 _____ (Ruiware) C:\Users\Julia\Downloads\wpsetup.exe
2016-03-13 21:00 - 2016-03-13 21:00 - 00000000 ____D C:\ProgramData\Emsisoft
2016-03-13 20:27 - 2016-03-13 21:11 - 00001049 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-03-13 20:27 - 2016-03-13 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-03-13 20:26 - 2016-03-20 15:13 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-03-13 19:30 - 2016-03-13 19:39 - 223325384 _____ (Emsisoft Ltd. ) C:\Users\Julia\Downloads\EmsisoftAntiMalwareSetup.exe
2016-03-13 18:31 - 2016-03-19 05:26 - 00461652 _____ C:\Windows\ntbtlog.txt
2016-03-13 18:01 - 2016-03-13 18:01 - 00000000 ____D C:\Windows\system32\appmgmt
2016-03-05 14:33 - 2016-03-05 14:33 - 00000355 _____ C:\Users\Julia\Documents\Homegroup - Shortcut.lnk
2016-02-25 01:49 - 2016-02-25 01:49 - 00000000 ____D C:\Users\Julia\AppData\Local\Trend Micro
2016-02-25 01:19 - 2016-01-11 12:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-25 01:19 - 2016-01-11 12:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-25 01:19 - 2016-01-11 12:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-25 01:19 - 2016-01-11 11:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-25 01:19 - 2016-01-11 11:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-25 01:19 - 2016-01-11 11:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-25 01:19 - 2016-01-11 11:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-25 01:19 - 2016-01-11 11:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-25 01:19 - 2016-01-11 11:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-25 01:19 - 2016-01-11 11:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-25 01:19 - 2016-01-11 11:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-25 01:19 - 2016-01-11 11:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-25 01:19 - 2016-01-11 11:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-25 01:19 - 2016-01-11 11:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-25 01:19 - 2016-01-11 11:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-25 01:19 - 2016-01-11 11:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-25 01:17 - 2016-02-06 03:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-25 01:17 - 2016-02-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-25 01:17 - 2016-02-06 03:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-25 01:17 - 2016-02-06 03:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-25 01:17 - 2016-02-06 03:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-25 01:17 - 2016-02-06 03:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-25 01:17 - 2016-02-06 02:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-25 01:17 - 2016-02-06 02:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-25 01:17 - 2016-02-06 02:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-25 01:17 - 2016-02-06 02:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-25 01:17 - 2016-02-06 02:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-25 01:17 - 2016-02-06 02:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-25 01:17 - 2016-02-06 02:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-25 01:17 - 2016-02-06 01:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-25 01:17 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-25 01:17 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-25 01:16 - 2016-01-22 13:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-25 01:16 - 2016-01-22 13:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-25 01:16 - 2016-01-21 23:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-25 01:16 - 2016-01-21 23:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-25 01:16 - 2016-01-21 23:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-25 01:16 - 2016-01-21 23:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-25 01:16 - 2016-01-21 23:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-25 01:16 - 2016-01-21 23:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-25 01:16 - 2016-01-21 23:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-25 01:16 - 2016-01-21 23:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-25 01:16 - 2016-01-21 23:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-25 01:16 - 2016-01-21 23:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-25 01:16 - 2016-01-21 23:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-25 01:16 - 2016-01-21 23:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-25 01:16 - 2016-01-21 23:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-25 01:16 - 2016-01-21 23:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-25 01:16 - 2016-01-21 23:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-25 01:16 - 2016-01-21 23:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-25 01:16 - 2016-01-21 23:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-25 01:16 - 2016-01-21 23:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-25 01:16 - 2016-01-21 23:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-25 01:16 - 2016-01-21 23:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-25 01:16 - 2016-01-21 23:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-25 01:16 - 2016-01-21 23:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-25 01:16 - 2016-01-21 23:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-25 01:16 - 2016-01-21 23:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-25 01:16 - 2016-01-21 23:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-25 01:16 - 2016-01-21 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-25 01:16 - 2016-01-21 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-25 01:16 - 2016-01-21 22:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-25 01:16 - 2016-01-21 22:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-25 01:16 - 2016-01-21 22:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-25 01:16 - 2016-01-21 22:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-25 01:16 - 2016-01-21 22:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-25 01:16 - 2016-01-21 22:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-25 01:16 - 2016-01-21 22:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-25 01:16 - 2016-01-21 22:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-25 01:16 - 2016-01-21 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-25 01:16 - 2016-01-21 22:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-25 01:16 - 2016-01-21 22:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-25 01:16 - 2016-01-21 22:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-25 01:16 - 2016-01-21 22:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-25 01:16 - 2016-01-21 22:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-25 01:16 - 2016-01-21 22:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-25 01:16 - 2016-01-21 22:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-25 01:16 - 2016-01-21 22:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-25 01:16 - 2016-01-21 22:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-25 01:16 - 2016-01-21 22:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-25 01:16 - 2016-01-21 22:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-25 01:16 - 2016-01-21 22:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-25 01:16 - 2016-01-21 22:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-25 01:16 - 2016-01-21 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-25 01:14 - 2016-01-07 10:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-25 01:14 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-25 01:12 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-25 01:12 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-25 01:08 - 2016-01-21 23:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-25 01:08 - 2016-01-21 23:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-25 01:08 - 2016-01-21 23:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-25 01:08 - 2016-01-21 23:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-25 01:08 - 2016-01-21 23:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-25 01:08 - 2016-01-21 23:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-25 01:08 - 2016-01-21 23:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-25 01:08 - 2016-01-21 23:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-25 01:08 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-25 01:08 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-25 01:08 - 2016-01-21 23:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-25 01:08 - 2016-01-21 23:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-25 01:08 - 2016-01-21 23:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-25 01:08 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-25 01:08 - 2016-01-21 23:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-25 01:08 - 2016-01-21 23:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-25 01:08 - 2016-01-21 23:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-25 01:08 - 2016-01-21 23:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-25 01:08 - 2016-01-21 23:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-25 01:08 - 2016-01-21 23:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-25 01:08 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-25 01:08 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-25 01:08 - 2016-01-21 23:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 23:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-25 01:08 - 2016-01-21 23:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-25 01:08 - 2016-01-21 23:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-25 01:08 - 2016-01-21 23:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-25 01:08 - 2016-01-21 23:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-25 01:08 - 2016-01-21 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-25 01:08 - 2016-01-21 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-25 01:08 - 2016-01-21 23:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-25 01:08 - 2016-01-21 23:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-25 01:08 - 2016-01-21 23:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-25 01:08 - 2016-01-21 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-25 01:08 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-25 01:08 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-25 01:08 - 2016-01-21 23:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-25 01:08 - 2016-01-21 23:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-25 01:08 - 2016-01-21 23:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-25 01:08 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-25 01:08 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-25 01:08 - 2016-01-21 22:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-25 01:08 - 2016-01-21 22:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-25 01:08 - 2016-01-21 22:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-25 01:08 - 2016-01-21 21:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-25 01:08 - 2016-01-21 21:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-25 01:08 - 2016-01-21 21:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-25 01:08 - 2016-01-21 21:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-25 01:08 - 2016-01-21 21:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-25 01:08 - 2016-01-21 21:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-25 01:08 - 2016-01-21 21:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-25 01:08 - 2016-01-21 21:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-25 01:08 - 2016-01-21 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-25 01:08 - 2016-01-21 21:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 21:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 21:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-25 01:08 - 2016-01-21 21:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-25 01:07 - 2016-01-21 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-25 01:07 - 2016-01-21 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-25 01:07 - 2016-01-21 23:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-25 01:07 - 2016-01-21 23:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-25 01:07 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-25 01:07 - 2016-01-21 23:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-25 01:07 - 2016-01-21 23:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-25 01:07 - 2016-01-21 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-25 01:07 - 2016-01-21 22:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-25 01:07 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-25 01:07 - 2016-01-21 21:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-25 00:50 - 2016-01-21 23:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-25 00:50 - 2016-01-21 23:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-25 00:50 - 2016-01-21 23:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-25 00:50 - 2016-01-21 23:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-25 00:50 - 2016-01-21 23:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-25 00:50 - 2016-01-21 22:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-25 00:50 - 2016-01-21 22:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-25 00:50 - 2016-01-21 22:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-24 23:48 - 2016-02-25 01:53 - 00000000 ____D C:\ProgramData\Trend Micro Installer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-20 15:07 - 2009-07-13 21:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-20 15:07 - 2009-07-13 21:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-19 07:15 - 2014-11-27 19:31 - 06151356 _____ C:\Windows\SysWOW64\rootpa.e2e
2016-03-19 07:14 - 2009-07-13 22:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-19 07:14 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-19 07:08 - 2014-11-27 19:30 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-03-19 05:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-19 05:06 - 2015-01-28 10:45 - 00000000 ____D C:\ProgramData\Norton
2016-03-19 00:20 - 2014-05-16 07:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-18 23:43 - 2015-12-30 15:21 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-03-18 19:15 - 2015-09-03 12:16 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForJulia.job
2016-03-17 22:36 - 2015-01-30 17:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-13 22:37 - 2015-02-10 23:28 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-13 22:37 - 2015-02-10 23:28 - 00000000 ____D C:\Windows\system32\MRT
2016-03-13 21:34 - 2015-01-28 17:55 - 00004364 _____ C:\Windows\System32\Tasks\Driver Detective-RTMScan
2016-03-13 21:34 - 2015-01-28 17:55 - 00003792 _____ C:\Windows\System32\Tasks\Driver Detective-RTMUpdater
2016-03-13 21:34 - 2015-01-28 17:55 - 00003784 _____ C:\Windows\System32\Tasks\Driver Detective-RTMRules
2016-03-13 21:34 - 2015-01-28 17:55 - 00003494 _____ C:\Windows\System32\Tasks\Driver Detective
2016-03-13 21:24 - 2015-09-10 02:37 - 00000000 ____D C:\Users\Julia\Documents\Youcam
2016-03-13 21:14 - 2009-07-13 22:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 20:26 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2016-03-13 19:51 - 2015-09-03 12:16 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJulia
2016-03-13 19:47 - 2014-05-16 07:11 - 00776658 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-13 18:59 - 2015-05-07 18:04 - 00000000 ____D C:\Users\Julia\AppData\Local\Deployment
2016-03-13 18:56 - 2015-01-27 21:21 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{11CAB1BC-7B09-47D4-8334-7B6C36E8C44B}
2016-03-13 17:33 - 2014-05-16 07:18 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-13 17:25 - 2015-01-29 18:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-13 17:07 - 2015-04-26 14:02 - 00000000 ____D C:\Users\Julia\AppData\Local\CrashDumps
2016-03-13 16:15 - 2015-04-06 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-13 16:15 - 2015-04-06 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-25 13:48 - 2015-01-27 21:21 - 00000886 _____ C:\Users\Julia\Desktop\Downloads.lnk
2016-02-25 13:48 - 2015-01-27 21:21 - 00000000 ___RD C:\Users\Julia\Virtual Machines
2016-02-25 09:46 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-02-25 06:16 - 2009-07-13 21:45 - 00327160 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-25 06:09 - 2015-01-30 17:42 - 00000000 ___SD C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2015-01-29 10:37 - 2015-01-29 10:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-14 09:33 - 2015-06-14 09:33 - 1498248 _____ () C:\ProgramData\setup_ef7d2a370fc04e50ae3fcd4a5f86a29d.exe

Files to move or delete:
====================
C:\ProgramData\setup_ef7d2a370fc04e50ae3fcd4a5f86a29d.exe


Some files in TEMP:
====================
C:\Users\Julia\AppData\Local\Temp\bfuibfyt.dll
C:\Users\Julia\AppData\Local\Temp\enowtm_c.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-25 09:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Julia (2016-03-20 15:13:58)
Running from F:\
Windows 7 Professional Service Pack 1 (X64) (2015-01-28 04:17:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-818623811-3538644614-206704559-500 - Administrator - Disabled)
Emily (S-1-5-21-818623811-3538644614-206704559-1004 - Limited - Enabled) => C:\Users\Emily
Friend (S-1-5-21-818623811-3538644614-206704559-1005 - Limited - Enabled)
Guest (S-1-5-21-818623811-3538644614-206704559-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-818623811-3538644614-206704559-1003 - Limited - Enabled)
Julia (S-1-5-21-818623811-3538644614-206704559-1001 - Administrator - Enabled) => C:\Users\Julia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E0191C80-CD69-06F0-A0D1-D915579830C1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Detective (HKU\S-1-5-21-818623811-3538644614-206704559-1001\...\DriversHQ.DriverDetective.Client) (Version: 9.1.5.5 - PC Drivers HeadQuarters LP)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{DB97D0DE-0AA1-413C-8398-92C7FA3F4A67}) (Version: 4.6.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-818623811-3538644614-206704559-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.2.6 - Reimage) <==== ATTENTION
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05C8542D-050A-4776-914E-456868A6146E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {0C7AEEB7-E667-45E5-B75B-CD7886C2DBD8} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-10] (PC Drivers Headquarters)
Task: {1DA1B056-B133-4976-A6F5-2B3EDE905809} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {35A77C8A-E44F-4F00-B86D-D90EBE9BEB0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {3A3CBE1B-9101-4F2E-969B-6AC5BFDA0A82} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {3C186A23-4C71-45F6-A4FA-93C313354D76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {57E412DB-42D4-49E9-95DD-62B84F1DD7C0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {59F25B28-719E-4B01-80CF-935F27D1FA71} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {5E7182F8-7296-40BF-B1FF-3A474A58841D} - System32\Tasks\{120D6DE8-7205-4FD3-A648-FB4966427169} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {626C2C5E-5355-4491-89CD-ABA35DDD729E} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-11-10] (Reimage ltd.) <==== ATTENTION
Task: {6493AFD2-D567-467D-A472-D51C1FFACD55} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe
Task: {6E69A961-3BE2-467D-84C7-0F7866CC8D13} - System32\Tasks\HPCeeScheduleForJulia => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {7AEF1810-D5A5-4120-A9D8-D9045C4FA570} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {7E59A95F-B98D-4E53-A2A4-959E0A721A3C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {84CFC180-E2CF-4F12-8769-E45621C48163} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {87963530-28A1-4864-B8F6-66B1D93BBB4E} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-10] (PC Drivers Headquarters)
Task: {89E223BE-472B-422F-8226-E7CD72F6E86A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {91AE24EE-4A9E-4D9E-87B3-1F2BEDF3BB74} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {92906203-109F-47C9-AF98-8CF597E2B2E8} - \SysHealth_Controller_Mon -> No File <==== ATTENTION
Task: {B0CDDEBC-F634-48C9-B0A4-8457DA03B0E0} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-10] (PC Drivers Headquarters)
Task: {B71A92DB-27E3-484D-AA6C-CC312D7064B0} - System32\Tasks\PostPoneInstall => C:\Users\Julia\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {BC139FA2-C28A-487C-9EFC-0521F44E224C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {BF07627D-594B-4EEC-823F-6907AD6B1C61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe
Task: {C3F2EEEA-C0CE-48C6-B711-0DBBE987F5EA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe
Task: {CB33EBC8-AEFA-4E04-B55E-8B04CCA2EA5E} - System32\Tasks\TitaniumInstaller => C:\ProgramData\Trend Micro Installer\Trend_Micro_1456390392\Setup.exe [2015-07-17] (Trend Micro Inc.)
Task: {CD1902BD-E389-440B-AC6F-EDDFF1D978F2} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {CFDDE0A4-237A-482A-B18D-90D11710B482} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {E5150308-33A4-498A-9484-D47D4AB71E0C} - \SysHealthcare_Controller -> No File <==== ATTENTION
Task: {F4651344-3AC5-4DBB-B994-396FD0B755B4} - \Run_Bobby_Browser -> No File <==== ATTENTION
Task: {F66B8C93-FAD8-479F-B0E8-4056D9D41176} - System32\Tasks\Driver Detective => C:\Program Files (x86)\Driver Detective\DriversHQ.DriverDetective.Client.exe [2015-09-10] (PC Drivers Headquarters)
Task: {FB8E26AA-9EBC-4927-93B1-E4387A4EFEE1} - System32\Tasks\Feodsuavasef => C:\ProgramData\Feodsuavasef\1.0.1.0\uflamapo.exe <==== ATTENTION
Task: {FBD6F3E2-0388-4D6A-AA85-2CB5AD3F5203} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJulia.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-28 18:17 - 2009-07-02 13:43 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dldtdrpp.dll
2014-03-11 23:29 - 2014-03-11 23:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-29 18:05 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-19 01:56 - 2015-08-19 01:56 - 06908904 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2015-10-29 22:21 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-818623811-3538644614-206704559-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-818623811-3538644614-206704559-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-818623811-3538644614-206704559-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F59C6171-2EDE-4AD8-BB23-62AA56CA6123}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A19300E-92DA-4966-B2D7-3CD1029C1F43}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E9D0BC09-97CA-486B-A00B-107AE5EAB63F}] => (Allow) LPort=2869
FirewallRules: [{BFF68265-F17D-4ABE-A195-A3605C33E1B9}] => (Allow) LPort=1900
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3242717D-9E7E-47AF-A54C-42B5A1A5A90C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E4E34EDC-1A0D-4E81-95EC-337E1A121850}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{11E58AD5-9A63-4CD3-87F5-11FF2BEC7FB2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E24A07B-D33C-4BBD-9ED7-D47149FE67DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{A667F8B6-AD67-4490-88D2-B098C5163DFE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{78DD25C9-5765-45B4-97B4-C3F4E7F90B0D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4245AC03-4F9D-473C-A4A6-450FBB0EF689}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F2950693-946B-4B58-9092-BA13D91A7FF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1408164-F2CB-4ED9-A479-127A408CAF7A}] => (Allow) C:\Windows\System32\dldtcoms.exe
FirewallRules: [{AECC9E6B-6B85-4723-AB08-E81B825ABCE8}] => (Allow) C:\Windows\System32\dldtcoms.exe
FirewallRules: [{7815D954-8A0E-4BE6-808E-1E79EE992DFF}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{387892FA-0A1C-4E96-81DE-626004940E15}] => (Allow) LPort=5357
FirewallRules: [{CB0F864D-B91D-4C08-80DA-BE159BF0DBA0}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AE959E9F-F95C-4EB0-97C2-52571958A0C2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6042B2C0-10D5-4900-865B-577909C2B4EE}] => (Allow) C:\Users\Julia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2152C659-BA4D-4CD8-9849-13CDFEDA64BB}] => (Allow) C:\Users\Julia\AppData\Local\BoBrowser\Application\bobrowser.exe

==================== Restore Points =========================

25-02-2016 04:00:46 Windows Update
13-03-2016 16:14:25 Windows Update
13-03-2016 17:09:16 Windows Defender Checkpoint
13-03-2016 19:17:14 Windows Update
13-03-2016 22:35:20 Windows Update
17-03-2016 22:31:29 Windows Update
19-03-2016 06:57:25 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2016 03:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: amdocl64.dll, version: 10.0.1411.4, time stamp: 0x531fc5d8
Exception code: 0xc0000005
Fault offset: 0x0000000000234e41
Faulting process id: 0xd74
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (03/20/2016 03:03:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: amdocl64.dll, version: 10.0.1411.4, time stamp: 0x531fc5d8
Exception code: 0xc0000005
Fault offset: 0x0000000000234e41
Faulting process id: 0x788
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (03/20/2016 03:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: amdocl64.dll, version: 10.0.1411.4, time stamp: 0x531fc5d8
Exception code: 0xc0000005
Fault offset: 0x0000000000234e41
Faulting process id: 0x4d8
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (03/20/2016 03:01:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/19/2016 07:14:36 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2016 06:44:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: amdocl64.dll, version: 10.0.1411.4, time stamp: 0x531fc5d8
Exception code: 0xc0000005
Fault offset: 0x0000000000234e41
Faulting process id: 0x628
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (03/19/2016 06:43:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: amdocl64.dll, version: 10.0.1411.4, time stamp: 0x531fc5d8
Exception code: 0xc0000005
Fault offset: 0x0000000000234e41
Faulting process id: 0x5ec
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (03/19/2016 06:43:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: amdocl64.dll, version: 10.0.1411.4, time stamp: 0x531fc5d8
Exception code: 0xc0000005
Fault offset: 0x0000000000234e41
Faulting process id: 0xff8
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (03/19/2016 06:42:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/19/2016 06:42:02 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out


System errors:
=============
Error: (03/20/2016 03:13:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:13:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:13:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:13:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:12:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:12:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:12:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:12:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:12:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106

Error: (03/20/2016 03:12:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106


==================== Memory info ===========================

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 35%
Total physical RAM: 3545.08 MB
Available physical RAM: 2280.32 MB
Total Virtual: 7088.37 MB
Available Virtual: 5363.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.37 GB) (Free:328.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:24.09 GB) (Free:2.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP v165w) (Removable) (Total:14.96 GB) (Free:13.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FECF4D56)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 20 March 2016 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program via the Control Panel > Programs and Features applet.
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.2.6 - Reimage) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset catalog

(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
HKLM-x32\...\Run: [] => [X]
Winsock: Catalog9-x64 01 C:\Windows\system32\WeWatcherLSP64.dll No File
Winsock: Catalog9-x64 02 C:\Windows\system32\WeWatcherLSP64.dll No File
Winsock: Catalog9-x64 03 C:\Windows\system32\WeWatcherLSP64.dll No File
Winsock: Catalog9-x64 04 C:\Windows\system32\WeWatcherLSP64.dll No File
Winsock: Catalog9-x64 15 C:\Windows\system32\WeWatcherLSP64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\h4ueyp1c.default\user.js [2015-12-21]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
S4 cpuz134; \??\C:\Users\Julia\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S4 SmbDrv; \SystemRoot\system32\drivers\Smb_driver_AMDASF.sys [X]
S4 SmbDrvI; \SystemRoot\system32\drivers\Smb_driver_Intel.sys [X]
U2 TMAgent; no ImagePath
C:\ProgramData\setup_ef7d2a370fc04e50ae3fcd4a5f86a29d.exe
C:\Users\Julia\AppData\Local\Temp\bfuibfyt.dll
C:\Users\Julia\AppData\Local\Temp\enowtm_c.dll
C:\Users\Julia\AppData\Local\BoBrowser
C:\Program Files\Reimage
C:\Users\Julia\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\ProgramData\Feodsuavasef
FirewallRules: [{2152C659-BA4D-4CD8-9849-13CDFEDA64BB}] => (Allow) C:\Users\Julia\AppData\Local\BoBrowser\Application\bobrowser.exe
Task: {3A3CBE1B-9101-4F2E-969B-6AC5BFDA0A82} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {626C2C5E-5355-4491-89CD-ABA35DDD729E} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-11-10] (Reimage ltd.) <==== ATTENTION
Task: {84CFC180-E2CF-4F12-8769-E45621C48163} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {91AE24EE-4A9E-4D9E-87B3-1F2BEDF3BB74} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {92906203-109F-47C9-AF98-8CF597E2B2E8} - \SysHealth_Controller_Mon -> No File <==== ATTENTION
Task: {B71A92DB-27E3-484D-AA6C-CC312D7064B0} - System32\Tasks\PostPoneInstall => C:\Users\Julia\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {CD1902BD-E389-440B-AC6F-EDDFF1D978F2} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {E5150308-33A4-498A-9484-D47D4AB71E0C} - \SysHealthcare_Controller -> No File <==== ATTENTION
Task: {F4651344-3AC5-4DBB-B994-396FD0B755B4} - \Run_Bobby_Browser -> No File <==== ATTENTION
Task: {FB8E26AA-9EBC-4927-93B1-E4387A4EFEE1} - System32\Tasks\Feodsuavasef => C:\ProgramData\Feodsuavasef\1.0.1.0\uflamapo.exe <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Please post the logs and let me know what problem persists.

Edited by nasdaq, 20 March 2016 - 08:47 AM.
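
An added example, not part of nasdaq's post and not FRST's own code: one way to triage the "Task:" lines of an Addition.txt log like the one in this thread before deciding what belongs in a fixlist. The function names, the reason labels and the choice to treat a missing `[date] (company)` stamp as worth a second look are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: six task lines taken from the Addition.txt log in this thread.
SAMPLE_LOG = r"""
Task: {05C8542D-050A-4776-914E-456868A6146E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3A3CBE1B-9101-4F2E-969B-6AC5BFDA0A82} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {B71A92DB-27E3-484D-AA6C-CC312D7064B0} - System32\Tasks\PostPoneInstall => C:\Users\Julia\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {6493AFD2-D567-467D-A472-D51C1FFACD55} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe
Task: {5E7182F8-7296-40BF-B1FF-3A474A58841D} - System32\Tasks\{120D6DE8-7205-4FD3-A648-FB4966427169} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: C:\Windows\Tasks\HPCeeScheduleForJulia.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
"""

# "Task: {GUID} - <name> => <target>" or "Task: <path>.job => <target>".
# The GUID prefix is optional because legacy .job lines do not carry one.
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?"
    r"(?P<name>.+?) (?P<arrow>=>|->) (?P<target>.*)$"
)
# Trailing "[YYYY-MM-DD] (Company)" stamp that some lines carry after the path.
STAMP_RE = re.compile(r"\s\[(\d{4}-\d{2}-\d{2})\] \((.*)\)$")
ATTENTION = "<==== ATTENTION"


@dataclass
class TaskEntry:
    guid: Optional[str]
    name: str
    target: str
    date: Optional[str] = None
    company: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task:' line; return None for anything else."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    target = m["target"].strip()
    flagged = target.endswith(ATTENTION)
    if flagged:
        target = target[: -len(ATTENTION)].rstrip()

    entry = TaskEntry(guid=m["guid"], name=m["name"], target=target)
    stamp = STAMP_RE.search(target)
    if stamp:
        entry.date, entry.company = stamp.group(1), stamp.group(2)
        entry.target = target[: stamp.start()]

    no_file = m["arrow"] == "->" and target.startswith("No File")
    # Legacy .job lines in this log never carry a stamp, so its absence
    # there is a property of the format, not a finding.
    legacy_job = entry.name.lower().endswith(".job")

    if flagged:
        entry.reasons.append("frst_attention")   # marked by the tool itself
    if no_file:
        entry.reasons.append("no_file")          # log reports "No File" for the task
    if "\\appdata\\local\\temp\\" in entry.target.lower():
        entry.reasons.append("temp_path")        # task runs a binary from a Temp folder
    if not stamp and not no_file and not legacy_job:
        entry.reasons.append("no_stamp")         # assumption: no date/company shown, check the target
    return entry


def triage(log_text: str) -> List[TaskEntry]:
    """Return every task entry found in the log text, in order."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def review_candidates(entries: List[TaskEntry]) -> List[TaskEntry]:
    """Entries with at least one reason to look at them by hand."""
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in review_candidates(triage(SAMPLE_LOG)):
        print(f"{', '.join(e.reasons):40} {e.name} => {e.target}")
```

A `no_stamp` hit is only a prompt to check whether the target file still exists; it is not a verdict on the task.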


#3 Jerhyn

Jerhyn
  • Topic Starter


Posted 22 March 2016 - 04:39 PM

Thank you Nasdaq, that seems to have worked as intended.

 

There was a trial Norton AV installed by the OEM, but it was outdated and uninstalled.

Would the following lines clean up 4 leftover task items?

 

 

Task: {1DA1B056-B133-4976-A6F5-2B3EDE905809} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)

Task: {6493AFD2-D567-467D-A472-D51C1FFACD55} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe

Task: {BF07627D-594B-4EEC-823F-6907AD6B1C61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe

Task: {C3F2EEEA-C0CE-48C6-B711-0DBBE987F5EA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe

 

Also, what is the recommended way to remove these?

 

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

Adware cleaner did not list any files removed.

 

The requested fix log file.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by Julia (2016-03-22 06:51:35) Run:2

Running from F:\

Loaded Profiles: Julia (Available Profiles: Julia & Emily)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

 

 

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

cmd: netsh winsock reset catalog

 

(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe

HKLM-x32\...\Run: [] => [X]

Winsock: Catalog9-x64 01 C:\Windows\system32\WeWatcherLSP64.dll No File

Winsock: Catalog9-x64 02 C:\Windows\system32\WeWatcherLSP64.dll No File

Winsock: Catalog9-x64 03 C:\Windows\system32\WeWatcherLSP64.dll No File

y/Winsock: Catalog9-x64 04 C:\Windows\system32\WeWatcherLSP64.dll No File

Winsock: Catalog9-x64 15 C:\Windows\system32\WeWatcherLSP64.dll No File

2FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

uFF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF user.js: detected! => C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\h4ueyp1c.default\user.js [2015-12-21]

R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)

S4 cpuz134; \??\C:\Users\Julia\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

U3 McAPExe; no ImagePath

U3 McMPFSvc; no ImagePath

mU3 McNaiAnn; no ImagePath

U3 mfecore; no ImagePath

U3 MSK80Service; no ImagePath

S4 SmbDrv; \SystemRoot\system32\drivers\Smb_driver_AMDASF.sys [X]

S4 SmbDrvI; \SystemRoot\system32\drivers\Smb_driver_Intel.sys [X]

U2 TMAgent; no ImagePath

C:\ProgramData\setup_ef7d2a370fc04e50ae3fcd4a5f86a29d.exe

C:\Users\Julia\AppData\Local\Temp\bfuibfyt.dll

C:\Users\Julia\AppData\Local\Temp\enowtm_c.dll

C:\Users\Julia\AppData\Local\BoBrowser

C:\Program Files\Reimage

C:\Users\Julia\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe

C:\ProgramData\Feodsuavasef

FirewallRules: [{2152C659-BA4D-4CD8-9849-13CDFEDA64BB}] => (Allow) C:\Users\Julia\AppData\Local\BoBrowser\Application\bobrowser.exe

Task: {3A3CBE1B-9101-4F2E-969B-6AC5BFDA0A82} - \ProPCCleaner_Start -> No File <==== ATTENTION

Task: {626C2C5E-5355-4491-89CD-ABA35DDD729E} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-11-10] (Reimage ltd.) <==== ATTENTION

Task: {84CFC180-E2CF-4F12-8769-E45621C48163} - \LaunchPreSignup -> No File <==== ATTENTION

Task: {91AE24EE-4A9E-4D9E-87B3-1F2BEDF3BB74} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION

Task: {92906203-109F-47C9-AF98-8CF597E2B2E8} - \SysHealth_Controller_Mon -> No File <==== ATTENTION

Task: {B71A92DB-27E3-484D-AA6C-CC312D7064B0} - System32\Tasks\PostPoneInstall => C:\Users\Julia\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION

Task: {CD1902BD-E389-440B-AC6F-EDDFF1D978F2} - \ProPCCleaner_Popup -> No File <==== ATTENTION

Task: {E5150308-33A4-498A-9484-D47D4AB71E0C} - \SysHealthcare_Controller -> No File <==== ATTENTION

Task: {F4651344-3AC5-4DBB-B994-396FD0B755B4} - \Run_Bobby_Browser -> No File <==== ATTENTION

Task: {FB8E26AA-9EBC-4927-93B1-E4387A4EFEE1} - System32\Tasks\Feodsuavasef => C:\ProgramData\Feodsuavasef\1.0.1.0\uflamapo.exe <==== ATTENTION

 

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

 

========= netsh winsock reset catalog =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe => No running process found

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.

"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully

"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully

"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully

"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015 => key not found.

HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.

HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.

C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\h4ueyp1c.default\user.js => not found.

ReimageRealTimeProtector => service not found.

cpuz134 => service not found.

McAPExe => service not found.

McMPFSvc => service not found.

McNaiAnn => service not found.

mfecore => service not found.

MSK80Service => service not found.

SmbDrv => service not found.

SmbDrvI => service not found.

TMAgent => service removed successfully

"C:\ProgramData\setup_ef7d2a370fc04e50ae3fcd4a5f86a29d.exe" => not found.

"C:\Users\Julia\AppData\Local\Temp\bfuibfyt.dll" => not found.

"C:\Users\Julia\AppData\Local\Temp\enowtm_c.dll" => not found.

"C:\Users\Julia\AppData\Local\BoBrowser" => not found.

"C:\Program Files\Reimage" => not found.

"C:\Users\Julia\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe" => not found.

"C:\ProgramData\Feodsuavasef" => not found.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2152C659-BA4D-4CD8-9849-13CDFEDA64BB} => value not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A3CBE1B-9101-4F2E-969B-6AC5BFDA0A82} => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{626C2C5E-5355-4491-89CD-ABA35DDD729E} => key not found.

C:\Windows\System32\Tasks\Reimage Reminder => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84CFC180-E2CF-4F12-8769-E45621C48163} => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91AE24EE-4A9E-4D9E-87B3-1F2BEDF3BB74} => key not found.

C:\Windows\System32\Tasks\ReimageUpdater => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92906203-109F-47C9-AF98-8CF597E2B2E8} => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SysHealth_Controller_Mon => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B71A92DB-27E3-484D-AA6C-CC312D7064B0} => key not found.

C:\Windows\System32\Tasks\PostPoneInstall => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD1902BD-E389-440B-AC6F-EDDFF1D978F2} => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150308-33A4-498A-9484-D47D4AB71E0C} => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SysHealthcare_Controller => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4651344-3AC5-4DBB-B994-396FD0B755B4} => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB8E26AA-9EBC-4927-93B1-E4387A4EFEE1} => key not found.

C:\Windows\System32\Tasks\Feodsuavasef => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feodsuavasef => key not found.

EmptyTemp: => 643 MB temporary data Removed.

 

 

The system needed a reboot.

 

==== End of Fixlog 06:52:31 ====



#4 nasdaq

  • Malware Response Team

Posted 23 March 2016 - 07:18 AM


Create a new Fixlist.txt file with the following entries.
I added the last line to make sure the folder is deleted.

Task: {1DA1B056-B133-4976-A6F5-2B3EDE905809} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {6493AFD2-D567-467D-A472-D51C1FFACD55} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe
Task: {BF07627D-594B-4EEC-823F-6907AD6B1C61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe
Task: {C3F2EEEA-C0CE-48C6-B711-0DBBE987F5EA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe
C:\Program Files\Common Files\AV\Norton Internet Security



====

The WildTangent games can be removed via the Control Panel > Programs > Programs and Features applet.

Remove this entry in bold.
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

If I remember well, you will be asked to delete each one of the games.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq


Posted 27 March 2016 - 07:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



