Malwarebytes showing "outbound" warnings


  • This topic is locked
16 replies to this topic

#1 pizzafoundry

Posted 20 July 2014 - 08:17 PM

Mod edit: Moved to Malware Removal logs forum ~~ boopme


On this Vista 64 system, the user runs Malwarebytes Premium (was Pro?), and she gets popup warnings that show:
 
Malicious Website Blocked
IP: 79.135.151.35
Port: 51069
Type: Outbound
Process: c:\windows\system32\svchost.exe
 
and another identical one with IP 219.153-239.158, same port.
 
I traced one of these IPs to Latvia, never good, and the other never finished the trace.
 
We have run MWB scans in safe mode several times, finding nothing.
Today I ran tdsskiller which also found nothing.
Hijack this log:
---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:13:51 PM, on 7/20/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)

FIREFOX: 30.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Users\Joyce\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - Startup: hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.scottrade.com
O15 - Trusted Zone: *.thrivent.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
------------------------------------------------------------------------------------------------------------
 
Was reluctant to go to combofix as you always caution us on running it.
 
The same port shows in at least these two; I haven't seen any other warnings but she says it's been going on for several weeks now.  She doesn't have more than a couple weeks of system restore, so that's out as well.
 
Clues?

Edited by boopme, 20 July 2014 - 08:21 PM.



#2 Machiavelli


Posted 21 July 2014 - 09:20 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 pizzafoundry


Posted 21 July 2014 - 01:41 PM

Thanks for your reply.  Here are the logfiles from Frst:

-------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Joyce at 2014-07-21 11:25:25
Running from C:\Users\Joyce\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{F84776E3-CF42-62A3-1EAB-7D26D1F36454}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
BufferChm (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Czech (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Danish (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Dutch (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Finnish (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Greek (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Norwegian (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Polish (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Russian (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Swedish (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Thai (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Czech (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Danish (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Dutch (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help English (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Finnish (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help French (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help German (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Greek (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Italian (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Japanese (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Korean (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Polish (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Russian (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Spanish (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Swedish (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Thai (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
CCC Help Turkish (x32 Version: 2008.0225.2152.39091 - ATI) Hidden
ccc-core-static (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
ccc-utility64 (Version: 2008.0225.2153.39091 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}) (Version: 1.0.153 - Citrix)
Comcast Universal Installer v1.2 (HKLM-x32\...\{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}) (Version: 30 - SupportSoft)
Copy (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5 - GEAR Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
LightScribe  1.8.15.1 (x32 Version: 1.8.15.1 - http://www.lightscribe.com) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
LogMeIn (HKLM-x32\...\{57573545-74EB-46D2-B362-AA05364E4ED8}) (Version: 4.1.1868 - LogMeIn, Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{1A6A6531-08FC-47AD-BAC4-C41497E71033}) (Version: 7.03.0279 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.58 - Realtek Semiconductor Corp.)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)
Skins (x32 Version: 2008.0225.2153.39091 - ATI) Hidden
Status (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 82.0.188.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.324 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.324 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.4000.286 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)

==================== Restore Points  =========================

23-06-2014 19:11:09 Windows Update
27-06-2014 17:58:06 Windows Update
29-06-2014 02:31:50 Scheduled Checkpoint
01-07-2014 00:15:48 Windows Update
04-07-2014 04:14:56 Windows Update
07-07-2014 15:33:42 Windows Update
09-07-2014 00:02:20 Windows Update
12-07-2014 21:14:02 Windows Update
15-07-2014 07:24:19 Scheduled Checkpoint
16-07-2014 02:59:57 Windows Update
17-07-2014 00:45:01 Scheduled Checkpoint
17-07-2014 20:36:25 Scheduled Checkpoint
18-07-2014 16:35:48 Scheduled Checkpoint
19-07-2014 14:54:24 Windows Update
20-07-2014 23:12:54 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1149D2E9-F417-4639-8B0A-197C13D8AE1B} - System32\Tasks\Joyce => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {294D053B-4AB4-4E41-BB46-585F87EBCCC6} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {2FEBC030-B356-458D-AEFD-0EAF1568BD17} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {31E01F5F-BE9B-4431-8800-5E77678ACB87} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)
Task: {36C7242C-63B0-4B0B-A747-CAE0ECE3CA6D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Joyce => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {4023094A-8CB6-4444-BA23-28FA15085C01} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {41525083-573E-4F38-BDFF-D3E943129E3A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {4E72FC89-5D31-4995-A9B2-F46C9E3E1A15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {527997AB-286B-476C-9524-13A0F91943FD} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-06-16] (TuneUp Software)
Task: {56051716-569E-4ABD-B19C-6B6F2D5125D4} - System32\Tasks\Joyce Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {6B678319-2A65-4D55-89AE-FDCB5B9D25FC} - System32\Tasks\Microsoft\Windows\RestartManager\{8BA4E5B3-E7DB-42ff-AD69-2857B02E2660} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {812A6A7A-9EB0-4B63-A422-A2CC78B3CE3F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9EA25A1E-A51F-43A0-B7D8-CA804A9673BF} - System32\Tasks\Joyce DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)
Task: {9FF95031-4630-4FAD-A9CF-55ED30B8EB84} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {A019E3CA-8934-4B4D-85C7-A69BDF9CD0D8} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {C17546D4-8349-4C78-9F52-DA805C096981} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)
Task: {E177F673-2180-4F6D-8B8B-9D8F14F28402} - System32\Tasks\{3E15386F-7D9D-47BB-8306-C4D3B6D62060} => Iexplore.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FBB9C7E5-4927-449E-BE7F-23DB309CDB8E} - System32\Tasks\Microsoft\Windows\RestartManager\{7CB02711-D6A2-410d-8BD3-6AAD8855D275} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {FDDEE828-7DB1-4C4C-A06F-B4673FA031D6} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {FFB77736-F59E-465C-9791-C7D082274561} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) =============

2014-06-16 04:14 - 2014-06-16 04:14 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2008-02-25 20:10 - 2008-02-25 20:10 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2014-07-17 08:14 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 08:14 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 08:14 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-17 08:14 - 2014-07-15 02:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Joyce^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ccleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Desktop Software => "C:\Program Files (x86)\ComcastUI\Universal Installer\uinstaller.exe"  /ini "uinstaller.ini" /fromrun /starthidden
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: Logitech Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: Universal Installer => "C:\Program Files (x86)\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 10:56:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 08:35:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 09:15:48 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/20/2014 04:56:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 04:34:34 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/20/2014 04:34:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 02:14:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 11:34:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 11:25:09 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (07/20/2014 08:56:33 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOYCE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5F247AXU.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (07/21/2014 10:56:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LBeepKE%%2

Error: (07/21/2014 08:35:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LBeepKE%%2

Error: (07/20/2014 04:56:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LBeepKE%%2

Error: (07/20/2014 04:34:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/20/2014 04:34:37 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (07/20/2014 04:34:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/20/2014 04:34:23 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/20/2014 04:34:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: MpFilter
spldr
Wanarpv6

Error: (07/20/2014 04:34:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068

Error: (07/20/2014 04:34:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Microsoft Office Sessions:
=========================
Error: (07/09/2014 05:17:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 66 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/07/2014 05:30:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 44 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-07-21 11:19:32.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 10:56:16.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-21 08:35:48.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 19:25:13.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 19:25:12.597
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 19:25:11.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 19:25:11.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 19:19:38.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 19:19:38.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 19:19:37.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3838.18 MB
Available physical RAM: 1903.77 MB
Total Pagefile: 7916.9 MB
Available Pagefile: 5818.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:218.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (20070509_184613) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS
Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2791.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 272ED378)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================



===================================================== FRST.txt ============================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Joyce (administrator) on JOYCE-PC on 21-07-2014 11:29:19
Running from C:\Users\Joyce\Downloads
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => RAVCpl64.exe
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3471515830-937813979-1464207771-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-3471515830-937813979-1464207771-1000\...\MountPoints2: {268e3263-b058-11e2-b1a5-002215ff1bb3} - E:\SETUP.EXE
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2109A84A1148CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - DefaultScope {381C7F0D-9A2E-458C-AF43-62590C8152B3} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - Comcast URL = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {381C7F0D-9A2E-458C-AF43-62590C8152B3} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {3BB7434C-8CED-47C8-B84D-DCCE75E19904} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default
FF Homepage: hxxp://news.yahoo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Joyce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\searchplugins\startpage-https.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-10-10]
FF Extension: Auto-Sort Bookmarks - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\sortbookmarks@bouanto.xpi [2014-07-20]
FF Extension: Adblock Plus - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-26]
FF Extension: Tab Mix Plus - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=042413
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=042413", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultNewTabURL: https://www.bing.com/chrome/newtab?setmkt=en-US
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Search) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-04]
CHR Extension: (Google Wallet) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-04]

==================== Services (Whitelisted) =================

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160272 2008-05-02] (Logitech, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-01-11] (LogMeIn, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-06-01] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S2 LBeepKE; C:\Windows\SysWOW64\Drivers\LBeepKE.sys [4480 2006-05-25] (Logitech, Inc.) [File not signed]
S3 LHidKe; C:\Windows\System32\DRIVERS\LHidKE.Sys [53248 2006-05-10] (Logitech, Inc.) [File not signed]
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [86400 2006-05-10] (Logitech, Inc.) [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-18] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 LMouKE; C:\Windows\System32\DRIVERS\LMouKE.Sys [129536 2006-05-10] (Logitech, Inc.) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 11:25 - 2014-07-21 11:27 - 00036728 _____ () C:\Users\Joyce\Downloads\Addition.txt
2014-07-21 11:24 - 2014-07-21 11:29 - 00016074 _____ () C:\Users\Joyce\Downloads\FRST.txt
2014-07-21 11:23 - 2014-07-21 11:23 - 02090496 _____ (Farbar) C:\Users\Joyce\Downloads\FRST64.exe
2014-07-20 17:07 - 2014-07-20 17:13 - 00007764 _____ () C:\Users\Joyce\Downloads\hijackthis.log
2014-07-20 17:06 - 2014-07-20 17:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joyce\Downloads\HijackThis.exe
2014-07-20 16:32 - 2014-07-20 16:32 - 00001140 _____ () C:\Windows\PFRO.log
2014-07-20 16:29 - 2014-07-21 11:29 - 00000000 ____D () C:\FRST
2014-07-20 16:27 - 2014-07-20 16:27 - 00000371 _____ () C:\Users\Joyce\Desktop\Downloads.lnk
2014-07-20 16:27 - 2013-05-03 13:16 - 00014980 _____ () C:\Users\Joyce\Downloads\WLMContacts (2).csv
2014-07-20 16:25 - 2014-07-20 16:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Downloads\tdsskiller.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 05561612 _____ (Swearware) C:\Users\Joyce\Downloads\ComboFix.exe
2014-07-20 11:26 - 2014-07-20 11:32 - 00002480 _____ () C:\Windows\logboot_20.07.2014.tureg.log
2014-07-20 10:26 - 2014-07-20 10:26 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-07-14 18:14 - 2014-07-14 18:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-14 17:46 - 2014-07-14 17:46 - 00003720 _____ () C:\Windows\System32\Tasks\Joyce Merge
2014-07-14 17:46 - 2014-07-14 17:46 - 00003704 _____ () C:\Windows\System32\Tasks\Joyce
2014-07-09 17:17 - 2014-07-21 10:56 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-09 17:17 - 2014-07-21 10:56 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-08 15:25 - 2014-06-06 19:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 15:25 - 2014-06-06 19:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 15:25 - 2014-06-06 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 15:25 - 2014-06-06 19:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 15:25 - 2014-06-06 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 15:25 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 15:25 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 15:25 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 15:25 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 15:25 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 15:25 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 15:25 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 15:25 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 15:25 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 15:25 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 15:24 - 2014-06-06 21:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 15:24 - 2014-06-06 20:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 15:24 - 2014-06-06 19:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 15:24 - 2014-06-06 19:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 15:24 - 2014-06-06 19:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 15:24 - 2014-06-06 19:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 15:24 - 2014-06-06 19:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 15:24 - 2014-06-06 19:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 15:24 - 2014-06-06 19:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 15:24 - 2014-06-06 19:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 15:24 - 2014-06-06 17:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 15:24 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 15:24 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 15:24 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 15:24 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 15:24 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 15:24 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 15:24 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 15:24 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 15:24 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 15:24 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 15:24 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 15:24 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 15:24 - 2014-06-06 00:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 15:24 - 2014-05-30 00:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 12:49 - 2014-06-16 04:13 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll

==================== One Month Modified Files and Folders =======

2014-07-21 11:29 - 2014-07-21 11:24 - 00016074 _____ () C:\Users\Joyce\Downloads\FRST.txt
2014-07-21 11:29 - 2014-07-20 16:29 - 00000000 ____D () C:\FRST
2014-07-21 11:27 - 2014-07-21 11:25 - 00036728 _____ () C:\Users\Joyce\Downloads\Addition.txt
2014-07-21 11:25 - 2012-07-30 08:38 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C689A6C8-5074-45A9-B205-86D803011351}
2014-07-21 11:23 - 2014-07-21 11:23 - 02090496 _____ (Farbar) C:\Users\Joyce\Downloads\FRST64.exe
2014-07-21 11:19 - 2014-06-12 09:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 11:05 - 2014-05-30 21:42 - 01609249 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 10:59 - 2014-02-05 19:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 10:56 - 2014-07-09 17:17 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-21 10:56 - 2014-07-09 17:17 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-21 10:55 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 10:55 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 10:55 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 08:52 - 2006-11-02 08:42 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 08:35 - 2013-02-17 14:07 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-20 17:13 - 2014-07-20 17:07 - 00007764 _____ () C:\Users\Joyce\Downloads\hijackthis.log
2014-07-20 17:06 - 2014-07-20 17:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joyce\Downloads\HijackThis.exe
2014-07-20 16:55 - 2013-04-30 15:19 - 00401184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 16:32 - 2014-07-20 16:32 - 00001140 _____ () C:\Windows\PFRO.log
2014-07-20 16:28 - 2008-12-06 00:14 - 00000000 ____D () C:\Users\Joyce
2014-07-20 16:27 - 2014-07-20 16:27 - 00000371 _____ () C:\Users\Joyce\Desktop\Downloads.lnk
2014-07-20 16:26 - 2014-07-20 16:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Downloads\tdsskiller.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 05561612 _____ (Swearware) C:\Users\Joyce\Downloads\ComboFix.exe
2014-07-20 15:07 - 2013-04-28 18:06 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Microsoft Help
2014-07-20 14:18 - 2013-02-17 14:07 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-20 14:17 - 2013-02-17 14:07 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-07-20 14:17 - 2013-02-17 14:07 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-07-20 14:17 - 2013-02-17 14:07 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-07-20 11:32 - 2014-07-20 11:26 - 00002480 _____ () C:\Windows\logboot_20.07.2014.tureg.log
2014-07-20 11:32 - 2006-11-02 05:33 - 91750400 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 62390272 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 40894464 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 00786432 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-07-20 11:25 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-07-20 10:26 - 2014-07-20 10:26 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-07-17 09:44 - 2013-04-29 14:13 - 00002609 _____ () C:\Users\Joyce\Desktop\Microsoft Office Excel 2007.lnk
2014-07-17 08:15 - 2012-09-04 08:36 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 18:28 - 2008-12-06 00:14 - 00000732 _____ () C:\Users\Joyce\AppData\Local\d3d9caps64.dat
2014-07-14 18:14 - 2014-07-14 18:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-14 17:46 - 2014-07-14 17:46 - 00003720 _____ () C:\Windows\System32\Tasks\Joyce Merge
2014-07-14 17:46 - 2014-07-14 17:46 - 00003704 _____ () C:\Windows\System32\Tasks\Joyce
2014-07-09 17:17 - 2013-02-17 14:07 - 00001024 _____ () C:\.rnd
2014-07-09 16:32 - 2014-02-05 19:08 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 16:31 - 2014-02-05 19:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 16:31 - 2014-02-05 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 16:23 - 2006-11-02 08:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 17:05 - 2013-08-14 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 17:04 - 2006-11-02 05:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 17:03 - 2013-04-28 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-05 15:17 - 2014-05-30 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-05 15:17 - 2013-02-17 14:35 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-05 15:17 - 2013-02-17 14:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-01 12:49 - 2014-05-01 14:43 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-06-21 06:54 - 2012-09-04 08:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 06:54 - 2012-09-04 08:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Files to move or delete:
====================
C:\Users\Public\Silverlight.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 11:04

==================== End Of Log ============================
 

best,

 

eno



#4 Machiavelli

  • Malware Response Instructor

Posted 21 July 2014 - 01:43 PM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 pizzafoundry


Posted 21 July 2014 - 02:09 PM

Adwcleaner ran for a while then announced a COM ERROR and gave some hex digits and LIBRARY NOT REGISTERED error.  Clicked OK, then it showed another error about OBJECT not something... and looped through this for a while after clicking OK each error.  I reran it but it failed the same way.  I looked up the library registration business and as it is fairly complicated, I went ahead to the next step.

 

Actually we have the pro version of MWB and have already run it in rootkit mode and it found nothing.  We also ran tdsskiller yesterday and it found nothing as well, so I'll go to the next junkware tool now.



#6 Machiavelli


Posted 21 July 2014 - 02:22 PM

OK go to JRT.

~Machiavelli



#7 pizzafoundry


Posted 21 July 2014 - 03:29 PM

During this scan, I saw another MWB alert, showing outbound, IP address 195.88.209.162, traces to .ru

This one was on a different port from the first two I sent yesterday though...I didn't note the port.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Joyce on Mon 07/21/2014 at 13:06:23.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Joyce\AppData\Roaming\drivercure"
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{391CCE07-A461-4321-B842-6D5DD4D098A0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{3AD53C91-AB8D-4B82-B7B8-859F63314206}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{3C2EBBA7-72AA-4921-AF89-709452226258}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{3C52F380-E7AA-4E2E-A2FC-EDA285DBBA52}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{3D0E3DF5-126D-4C22-989A-C0B0D6334700}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{3D33E82A-37B8-40C5-941C-F695E15CB8E4}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{3E6355FD-96AE-4F7A-8C2C-9D2C560700F4}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{3F51284D-2634-4C91-AD13-8D6237F51F00}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{3FDDEAAA-2B3A-4E50-ABE5-6A7621646846}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4010FD58-EE49-43FD-BB08-63B2B8329542}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{405DE3B3-A0DF-4F8F-9E38-CFB6130CD803}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4060DBBB-B4F4-49B3-8AE8-C8D9D04FCD3F}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{414101F8-ED83-4A2D-8F1A-7C250201E8C3}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{415BFB7A-1C43-4054-B9B6-63A86602BBDB}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{426E0A9F-1593-4D07-AC55-ADD50AA4FF74}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{42EBB365-32C3-4046-AF42-5A47E1A84EA0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{437C2A1E-B46A-44B4-9238-33213F45DBF0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{446B6201-7485-46D0-B571-9FB0CC8EA487}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{452D19F6-5D6C-4844-A38E-299C669F067D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4542551D-4873-46D3-A65C-703DDC9E2B76}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{467C4ABA-2E81-40F0-ADCA-D0D14742247D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{47414617-7B10-48F0-9AA9-E9D0AA9A6617}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4745C8CB-131B-4E56-A552-C7C18C891819}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4794CDA7-AA09-4370-A3AD-E5DB0F08FCB0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{47C42332-9082-457F-A7E6-6A3B127AFF14}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4876816C-7249-452B-9196-DE41E490BEEE}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{48AED5DA-4051-4501-BE4E-215D21FEAC74}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{48E5BA28-B321-46E4-B425-2DC02B4C048E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4903296E-558A-4491-ABA0-43F3899B205E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{49F48E89-B8E5-4A00-86AD-FE19FB33ABB8}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4A845E64-9A77-4C32-88AA-9201371E5ECE}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4AC6BF61-F392-42F6-85F5-604F832D2C27}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4B41F659-E2A0-4344-94A7-8D89D5867F38}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4C2D2C5B-D36A-4CDB-8A5F-1FAF18A07968}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4C5396CA-CBB8-46E7-A202-A4DD168C96C1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4DCAD7B5-1457-4315-AD20-74085F864929}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4E544999-CFB5-4946-8318-671335E3CD09}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4E9B4C08-8959-4AAD-98DA-866A866DAAF1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4F282CC2-8458-4F46-96AA-13503CEBB486}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4F7C4341-9878-4296-A3CF-1ED991D0CE60}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4FA6A7D0-6EB2-4A53-BFED-7DB35A76A8FE}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{4FB80849-5C6E-4737-8412-E63C44FC2DF5}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{50216A2A-80AC-47F3-B739-1B323D9C04C5}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{509F6E5D-AA61-41A4-9E96-7D1C728EF183}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{51529EB3-D0D2-400D-A589-F923DDEEBFDF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5152D9EF-A430-4A7A-9E0B-CC9946B430A1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{51CB3428-A22A-4BEE-BFC5-AC9FC1188587}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{524A8FF0-8808-4AD8-855C-74E5246A185F}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{525303F2-64E5-43F1-85C5-2AAD68591CE5}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5267F0F0-7DD8-4F9E-9B15-D16822D88E32}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{526B407C-8B11-429D-B451-C23EE7E3AAC7}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{52885365-36FF-4851-835C-B83FEFA168BF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{52BEA3AF-44EC-4EB8-A3BD-F45E4B25DB4C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{52C59694-60F0-483C-99AD-513F98B92A87}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{52CCB9D5-B04D-4D7A-B4B4-8F9ED3770087}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{52FD6F77-7835-420F-9059-A01C31EF7403}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{533692BC-8429-4573-971A-D5B86D2E5880}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{53E071E0-50E3-40A3-9F6A-862763C718A0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{54685D5B-75C9-413E-8D7D-4708B4EDF730}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{54D05539-6600-409C-8DCC-3FDB6BCC04A2}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{55F68085-FAE2-4EE4-99E4-F8432FDB2530}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{563D765B-66D9-4048-BB14-CE2C2576FF08}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{58056666-BE49-43AB-930E-7A641F35D3F3}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{597FD9FB-0190-41B4-992F-C302BC502DE0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{59BCB36C-798E-4B2F-8F27-96C022E89492}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5A671327-5B5F-495B-B2C6-E4C8818E569C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5A7D32F3-54E7-4471-8EBD-906917E1629E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5A806134-1D7F-42E4-8485-625773AF2852}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5AEE6B47-79DE-4234-BBF1-08DB52ADA961}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5B55EF5A-A153-41E6-9F01-DFCE289D167E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5B9A6BFD-CCF5-4672-B3F3-CA2043E1F402}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5BA319E8-9DB6-4597-93F1-ED817339E539}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5CB0563D-BF54-4F17-B4D9-339FC2FF9779}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5D09C714-69DE-41A4-A990-CECD6D0D1B42}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5D1CE09C-7B8A-41F9-8448-B269DEB84A9F}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5D5E0F30-CEAF-4B23-A0E8-048051C42FE6}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5DE6DDC8-F96D-4428-85FE-3609023D313C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5E7317B6-4FF5-46CE-9637-7CD01602F5ED}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5F3BA882-5E56-4FB9-BEEF-B17DF8438A7E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5F3D3051-A909-4781-8B83-FDFDAF1672BF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{5F8F68B1-4DE5-42EE-B3F9-4664BFA59C4A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{61477C8B-7769-49BD-B200-A1CCA2E3599F}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6162AC41-612E-4CEE-BF6B-46DE36AC75DE}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{61AE0274-B4EC-42DC-830E-6C383E6DDBE9}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{620E6E9F-92E1-4540-BBB8-9F92E328F967}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{62136DD6-DBCF-4312-A0F1-5A790C55E4F8}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{62676557-7744-420C-AED6-BFECE570D9FF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{62D3288C-500F-4266-B492-A958CF1D2396}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{62ECEBCF-8EDF-4820-B979-195393F309A8}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{637DF273-2FB9-41BB-8015-89C8181E8B99}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{655424D1-0555-4CED-BDA2-C4E486F27E1D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{65E51CA5-3F36-4223-B058-34707FDA169E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6605292D-2FF0-489D-A482-4A2E7695A825}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{66D5D15A-8377-452C-AA82-4B5A2A2F400B}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{67056ED9-BFCE-4C76-9DF5-AC204CB1D693}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{675D4F3C-E01E-42A7-9EC0-FD65CD041563}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6789A89B-3AF1-4919-A806-922F65DF3E79}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{67A03683-2A25-49C4-9F10-38AEBF4AE6B5}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{68DCFBB0-CDB3-44FE-BFE9-E211C5721C0E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{68F75B05-0A30-42AE-9174-80B858BA653E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{69208BB8-023C-455D-8AF9-71C9405D5398}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{692EECA1-EDAB-40A3-A1DE-9487B4EA87B2}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{69319068-0D3D-4923-83A9-1E0D9B9B6561}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{69423DC3-AB0E-488F-A9C3-462FE32A5646}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{69D21E4F-423F-45FA-B73B-554ACCD67949}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6A2A039A-4778-48B8-A5B6-1CB1ACBB9B89}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6AB05974-587C-4291-9E68-593052CE96D6}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6ABFE964-1886-48CF-B40F-6F71E654BB7C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6AD59816-FA6F-4F6F-8C94-C22542214B83}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6B1BA6EB-6095-49B1-A633-DBDEC6A68AA3}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6BE39502-E9C3-452A-B9A0-E72309A4B323}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6BEE4CCE-ED16-446E-AD23-5AAE5A13F7E6}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6C76B299-AC2E-4E45-9B3B-C92781EE5B9B}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6CF7DAF6-ACA5-466E-A44C-E2BCE4C15465}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6DADBD4B-B00D-4FAC-9DE0-6D43F60285A5}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6DD4FEA7-5B3C-4207-8573-E1B558E51FBD}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6E09209A-135B-46FA-BEEE-8779954C6298}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6E1DB290-B3D3-4864-99CA-37F58EBC8D4A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6E845198-57E9-4D41-9563-F4DBF0668CE6}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6F7FB28D-D636-4CC1-BC6F-A5B73D98855A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{6FAEBC01-F509-4593-A1BE-53FBB9880653}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{70580EBD-4799-4335-B444-D4D29DECB89E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{707A9FEB-B90B-4A0B-AB41-B1840BE8E515}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{70E704A7-ED9A-4C59-9ED4-164022542987}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{70F1477A-A269-45EF-9D02-106D4A644FBD}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{70F87473-9124-4B64-A556-2CB5D460A69D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{71A1600D-5F47-4C5E-9114-CCC1E8D57CF9}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{72C9B943-C7C0-489D-920F-9FD216032AD5}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{72FC3067-AA52-4742-A2D7-A21B10B42B2D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7333B16A-BA07-4565-B959-06175EB0B545}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{74460F45-81CB-455E-84F6-14DA17846981}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{74970246-9F44-4BBD-89A3-9EB2C2F3EB5F}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{75433B4C-EB2C-414D-9496-52789ECC28CA}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{758B63F8-E4A6-4D18-B797-D5EA17B0013C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{75BD0946-6FBD-468D-AB2C-BD8C7902796B}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{776C55D3-F517-497C-A49D-6E7B25EA3805}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{77E4855E-C119-4AB8-B98D-BBD582A492A6}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{78EA1667-49E8-4139-A31B-B4D9D4AFA8EB}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{78FCF8F7-6DFE-4BC9-91B2-F0596D8F486C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{79122043-4E76-456F-8DE4-E293AD8B19CD}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{794F028A-90B4-45A3-9CCB-DF8351D50DAC}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{79D1272D-DF33-4717-BEA6-5673EFE70444}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{79FA3C96-4FB8-4A4C-B4D2-3048F5E667D0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7A61A5C0-0B3A-4E95-AC51-9E9F61E04632}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7A6336D5-282E-4C3A-A887-49E2486F3A4D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7AF312E9-D944-4DA1-8D38-C3FB8E953169}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7B2BF143-6566-4042-B3B5-56BED480A7F6}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7B790823-9036-48FB-9404-D01F48349070}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7B9D71C8-7519-4894-B885-80B3C1DA3994}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7BAE2285-31F3-4987-B33C-1E1445473C81}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7C7331C5-EEFE-47EB-A1F2-42DEC96300BB}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7C789E7B-531A-40E9-B614-FBF473D5A096}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7C87A612-169A-4AC6-8A0C-E3E5334B021A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7DEC4157-BCE1-4CEF-8C33-94A4721FD3F4}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{7F093ACC-96A0-43BE-9D7B-63DFD0D58C79}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{80716FCB-60BC-462F-8A63-FEF34F5ACEC0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{807D2197-52FC-4DC3-982F-DCFD8B840E76}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{813CD009-EF4C-4B5F-9F09-0B35737C5387}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{815B77B9-9853-4603-93C2-5F187F08C5A0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{82E7D121-0770-4876-BEEB-85B30249692D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8360CEE9-2A93-456C-8563-6A85552CAAA3}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{839511A4-583A-4012-9E6E-F17223B26BD4}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{84172CA5-6981-4A2B-A766-1F1593B5D2C1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8427860B-8B8E-49CA-9FBA-C4E364755B51}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{84404F10-C58B-46CE-86DC-15BE3CB88595}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{84463F9A-6D6F-4213-ABC0-EECF58AB3505}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{848D253A-AFC5-460F-B404-ADF5AC581756}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{84AC6BB9-20A7-41A4-A12A-B90E7D90238A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{84ACD8A0-7BA7-4B8D-BFF1-CC4E123265AC}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{84B27132-601F-4126-B2FF-196970413B1B}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8657D55B-45F3-4FC9-8E16-9293D035B004}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{86BE7796-2D69-4B47-B1FD-99214B71A512}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{86CFEFBD-F788-4D97-9429-5D3BC11FEBF0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8757A2ED-739D-4CD8-899E-FEDE6A16F29C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{876B0FE2-A38E-4BC0-B13B-BDBA968E0752}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{87B94433-6178-46CD-B11D-65C256A722AF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{87EB668B-5DF8-40D1-845E-B48DD7CE940F}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{89ADF37D-CC0D-4D19-998D-6AF5B0798546}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{89F8458E-F20F-4531-A230-CB9A7F5786DC}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8A12737E-0E86-4787-9D65-A8D1491FC7B9}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8A180EE1-BFE3-4E90-AD7A-3803E89E2D53}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8C74CFED-8C9A-48C6-9C03-28D14762FE2C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8C7D328C-77CF-4B04-B671-BD60C5304197}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8CAE4CD5-5DA6-4C12-B646-2C10866664CF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8D123829-6103-4D8D-A637-6C7840CFF2EE}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8DCCAA51-B83F-477D-B6AF-BE3835568B98}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8DCFE9A2-1F42-4F2D-90BF-CB6645F31EC0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8EB2184F-B9B5-4DD8-ACA2-57F71EA188AF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8EBDD216-C41E-48CB-AD51-7305A89095CF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8ECA99D2-1D9E-4ADD-8363-5055B8D86A2B}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8EFB5A36-9293-4A32-ABB2-0821D459FC53}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8F2C5926-B923-403D-8465-07A61A08DBC1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8F466102-8069-4B57-92A8-F41691D3654C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8F4CF311-7E93-41E1-AB2B-3BF62D7791E3}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8F9E012C-734D-4CBE-A500-C72763A332BF}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{8FB489BF-12AF-4664-BC60-ED30ECA2A464}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{900DD87D-91E6-446A-A049-248442788A9A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9126206C-ADFF-44F5-838F-6A964E000A21}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{91373C0A-B227-4B7F-8051-C03935F27FFB}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{91672E6C-1794-4DE2-9E65-9D3E9A8998BB}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{916F9B8F-9AD3-41C8-B2F3-4E3B97F12057}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{924783D1-0B39-4D60-995C-286E2A5BE0EA}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{924E2C37-BC33-4E64-B954-CC4EC96C90E1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{92DAEF37-B8BA-434A-9B06-03976B5FEFA1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{92DCC466-6010-4F0C-B74B-F5EB8BC2E851}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9316706A-3292-4B29-A25D-83DDD0850A20}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{93C8DF15-B53F-4F8D-A630-43770FAD5A80}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{93CF1960-18A6-4618-B541-E6C93E39EE31}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{944160E9-505A-4278-A00C-36F83ED631DD}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{953C9443-4656-4603-85EB-CFE1AA613670}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{95BC0471-0E51-43B8-B874-0A665846E5F1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9638323A-5926-48CD-BEB3-0D60F511DE82}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{965D30FE-13DD-4857-9F97-88C956837767}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{96D0D1FA-89CA-44FA-B829-5827FC3D0BF7}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9783D289-539E-4B8C-9590-E093919206F0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9807C984-90E1-4FC2-AAE1-1B55AE5A01B3}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{984BA023-E5B9-4D7B-BBCB-16148EE6BD12}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{989857A8-FC39-4B2C-A6B8-35ECD81BA61C}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9A15873E-4004-454C-B8A1-0524E52F181A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9A8185F7-0CC7-448E-A05C-E633D00A4E2D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9AE557B7-1212-4093-AE00-4803EF1267C4}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9AF9D2BE-7909-44BD-8BA3-02A43C7DC09A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9B9B0C17-1664-4C3C-8F52-69EA4A7EA78E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9BB0D2F8-53EC-428D-802E-20A9CBE0A4C3}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9C22B505-A299-4ED0-8D87-E082C0C87AD5}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9C8C7557-3ADE-4B03-9B08-EB745B9350A1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9CB7739E-7267-4691-9E06-A1DE0BF03D4D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9CD20B1F-2DD0-4133-B34A-5CE384D6C715}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9CDB5847-5BC9-4974-89A2-8AF9708A3909}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9CF648F4-0D0D-43C0-B911-B723D5B3279E}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9D129DE7-EA17-48FD-A893-2464B02A8F6A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9D2085D8-C6B3-48D2-8D07-4E34F69CF720}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9D6436D9-F277-4C5A-AE40-58FFD4C9798B}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9DB4D8F8-386B-4DEF-8F3B-D15B51800568}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9E659255-BC1E-4395-AD75-8D8E8B882622}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{9FF09504-9FBC-42A6-856F-0EEF34E96DA9}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A07A21C9-0710-4DEB-8A88-9B51BA722671}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A178AE27-77BF-4F78-A4B2-542E24A55101}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A1837A1E-3EB3-48D7-A4DB-D911078153DB}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A1847ABE-9896-44E1-9DB1-17C08F345CD7}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A206A4C3-9315-4D59-83A0-8D498D25EFBA}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A283E5F2-BA4C-4CD6-BCB0-5DFB851583F3}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A2A1F8D3-C76C-40D1-94F6-0BBAED6794B7}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A2B5D438-47F7-4216-A6F6-D42BBDB0E6B7}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A3B86D47-BDC5-485B-9BCE-445994288122}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A3DAD8B4-8F50-4DFB-8F91-CF76473F6F04}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A474BA8C-DDF9-47CE-B7AA-20E77553B3FD}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A47D8F13-F0F0-4D06-A8D4-9A44C5798652}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A4970B28-5EAF-42BF-917D-C79EDBE847FD}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A5037C8A-68F3-4450-B1EB-2DD0015BB159}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A67680B3-8391-4F6D-9B96-722F2E6D470A}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A84A7D4C-B0AB-49C8-91DA-2B345E531ECB}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{A9765E12-B585-423B-950E-E6923457F504}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AA36D580-E452-4CF6-8075-29D2E70677C0}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AABAECDC-0A86-455B-B7EF-24F04C81B1E1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AB10799E-D58A-4F3C-B169-B6E1800EE040}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AB5EFB61-0FD0-4948-BA52-E290DCCF1683}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{ABD38791-9B4C-4F4A-A68A-F3F43C357801}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AC6D116F-44C2-47DE-B68F-C891AAE484C7}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AC8FC9A1-A8F6-4D30-929A-C0F1BF380B0D}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{ACE522BB-C426-4C29-A8AD-39893214A7D1}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AD94825D-55CC-41CB-94E2-E5CB25FFC452}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{ADA5897B-6948-40BD-9BEC-A97A8471E3A4}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AE552033-D28E-400C-B8AB-1E7AFA68E0DD}
Successfully deleted: [Empty Folder] C:\Users\Joyce\appdata\local\{AE609047-CF75-4B4F-9C97-E878A5A5882C}



~~~ FireFox

Successfully deleted: [File] C:\Users\Joyce\AppData\Roaming\mozilla\firefox\profiles\5f247axu.default\user.js
Emptied folder: C:\Users\Joyce\AppData\Roaming\mozilla\firefox\profiles\5f247axu.default\minidumps [50 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/21/2014 at 13:21:09.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 Machiavelli

  • Malware Response Instructor

Posted 21 July 2014 - 03:37 PM

Proceed with the steps.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 pizzafoundry

  • Topic Starter

Posted 21 July 2014 - 03:43 PM

Proceed with WHAT steps?  I just sent the JRT log... what's next please?



#10 Machiavelli


Posted 21 July 2014 - 04:27 PM

Step 4.

~Machiavelli



#11 pizzafoundry


Posted 21 July 2014 - 04:34 PM

You saw the first FRST I sent earlier, yes?

 

Here's the one from now:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Joyce (administrator) on JOYCE-PC on 21-07-2014 14:31:28
Running from C:\Users\Joyce\Downloads
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => RAVCpl64.exe 
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
HKU\S-1-5-21-3471515830-937813979-1464207771-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-3471515830-937813979-1464207771-1000\...\MountPoints2: {268e3263-b058-11e2-b1a5-002215ff1bb3} - E:\SETUP.EXE
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2109A84A1148CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {381C7F0D-9A2E-458C-AF43-62590C8152B3} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {381C7F0D-9A2E-458C-AF43-62590C8152B3} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {3BB7434C-8CED-47C8-B84D-DCCE75E19904} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default
FF Homepage: hxxp://news.yahoo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Joyce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\searchplugins\startpage-https.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-10-10]
FF Extension: Auto-Sort Bookmarks - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\sortbookmarks@bouanto.xpi [2014-07-20]
FF Extension: Adblock Plus - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-26]
FF Extension: Tab Mix Plus - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=042413
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=042413", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: bing.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Search) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-04]
CHR Extension: (Google Wallet) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-04]
 
==================== Services (Whitelisted) =================
 
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160272 2008-05-02] (Logitech, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-01-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-06-01] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
S2 LBeepKE; C:\Windows\SysWOW64\Drivers\LBeepKE.sys [4480 2006-05-25] (Logitech, Inc.) [File not signed]
S3 LHidKe; C:\Windows\System32\DRIVERS\LHidKE.Sys [53248 2006-05-10] (Logitech, Inc.) [File not signed]
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [86400 2006-05-10] (Logitech, Inc.) [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-18] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 LMouKE; C:\Windows\System32\DRIVERS\LMouKE.Sys [129536 2006-05-10] (Logitech, Inc.) [File not signed]
R4 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 13:23 - 2014-07-21 13:23 - 00063934 _____ () C:\Users\Joyce\Downloads\JRT.txt
2014-07-21 13:21 - 2014-07-21 13:21 - 00063934 _____ () C:\Users\Joyce\Desktop\JRT.txt
2014-07-21 13:06 - 2014-07-21 13:06 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 11:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-21 11:56 - 2014-07-21 11:58 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:54 - 2014-07-21 11:54 - 01354223 _____ () C:\Users\Joyce\Downloads\AdwCleaner.exe
2014-07-21 11:54 - 2014-07-21 11:54 - 01016261 _____ (Thisisu) C:\Users\Joyce\Downloads\JRT.exe
2014-07-21 11:25 - 2014-07-21 11:27 - 00036728 _____ () C:\Users\Joyce\Downloads\Addition.txt
2014-07-21 11:24 - 2014-07-21 14:31 - 00016238 _____ () C:\Users\Joyce\Downloads\FRST.txt
2014-07-21 11:23 - 2014-07-21 11:23 - 02090496 _____ (Farbar) C:\Users\Joyce\Downloads\FRST64.exe
2014-07-20 17:07 - 2014-07-20 17:13 - 00007764 _____ () C:\Users\Joyce\Downloads\hijackthis.log
2014-07-20 17:06 - 2014-07-20 17:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joyce\Downloads\HijackThis.exe
2014-07-20 16:32 - 2014-07-20 16:32 - 00001140 _____ () C:\Windows\PFRO.log
2014-07-20 16:29 - 2014-07-21 14:31 - 00000000 ____D () C:\FRST
2014-07-20 16:27 - 2014-07-20 16:27 - 00000371 _____ () C:\Users\Joyce\Desktop\Downloads.lnk
2014-07-20 16:27 - 2013-05-03 13:16 - 00014980 _____ () C:\Users\Joyce\Downloads\WLMContacts (2).csv
2014-07-20 16:25 - 2014-07-20 16:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Downloads\tdsskiller.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 05561612 _____ (Swearware) C:\Users\Joyce\Downloads\ComboFix.exe
2014-07-20 11:26 - 2014-07-20 11:32 - 00002480 _____ () C:\Windows\logboot_20.07.2014.tureg.log
2014-07-20 10:26 - 2014-07-20 10:26 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-07-14 18:14 - 2014-07-14 18:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-14 17:46 - 2014-07-14 17:46 - 00003720 _____ () C:\Windows\System32\Tasks\Joyce Merge
2014-07-14 17:46 - 2014-07-14 17:46 - 00003704 _____ () C:\Windows\System32\Tasks\Joyce
2014-07-09 17:17 - 2014-07-21 10:56 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-09 17:17 - 2014-07-21 10:56 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-08 15:25 - 2014-06-06 19:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 15:25 - 2014-06-06 19:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 15:25 - 2014-06-06 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 15:25 - 2014-06-06 19:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 15:25 - 2014-06-06 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 15:25 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 15:25 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 15:25 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 15:25 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 15:25 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 15:25 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 15:25 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 15:25 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 15:25 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 15:25 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 15:24 - 2014-06-06 21:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 15:24 - 2014-06-06 20:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 15:24 - 2014-06-06 19:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 15:24 - 2014-06-06 19:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 15:24 - 2014-06-06 19:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 15:24 - 2014-06-06 19:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 15:24 - 2014-06-06 19:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 15:24 - 2014-06-06 19:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 15:24 - 2014-06-06 19:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 15:24 - 2014-06-06 19:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 15:24 - 2014-06-06 17:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 15:24 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 15:24 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 15:24 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 15:24 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 15:24 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 15:24 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 15:24 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 15:24 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 15:24 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 15:24 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 15:24 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 15:24 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 15:24 - 2014-06-06 00:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 15:24 - 2014-05-30 00:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 12:49 - 2014-06-16 04:13 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 14:31 - 2014-07-21 11:24 - 00016238 _____ () C:\Users\Joyce\Downloads\FRST.txt
2014-07-21 14:31 - 2014-07-20 16:29 - 00000000 ____D () C:\FRST
2014-07-21 13:59 - 2014-02-05 19:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 13:23 - 2014-07-21 13:23 - 00063934 _____ () C:\Users\Joyce\Downloads\JRT.txt
2014-07-21 13:23 - 2014-01-02 17:25 - 00777866 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-21 13:21 - 2014-07-21 13:21 - 00063934 _____ () C:\Users\Joyce\Desktop\JRT.txt
2014-07-21 13:06 - 2014-07-21 13:06 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 12:55 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 12:55 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 12:10 - 2014-06-12 09:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 11:58 - 2014-07-21 11:56 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:58 - 2014-05-30 21:42 - 01611306 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 11:54 - 2014-07-21 11:54 - 01354223 _____ () C:\Users\Joyce\Downloads\AdwCleaner.exe
2014-07-21 11:54 - 2014-07-21 11:54 - 01016261 _____ (Thisisu) C:\Users\Joyce\Downloads\JRT.exe
2014-07-21 11:27 - 2014-07-21 11:25 - 00036728 _____ () C:\Users\Joyce\Downloads\Addition.txt
2014-07-21 11:25 - 2012-07-30 08:38 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C689A6C8-5074-45A9-B205-86D803011351}
2014-07-21 11:23 - 2014-07-21 11:23 - 02090496 _____ (Farbar) C:\Users\Joyce\Downloads\FRST64.exe
2014-07-21 10:56 - 2014-07-09 17:17 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-21 10:56 - 2014-07-09 17:17 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-21 10:55 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 08:52 - 2006-11-02 08:42 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 08:35 - 2013-02-17 14:07 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-20 17:13 - 2014-07-20 17:07 - 00007764 _____ () C:\Users\Joyce\Downloads\hijackthis.log
2014-07-20 17:06 - 2014-07-20 17:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joyce\Downloads\HijackThis.exe
2014-07-20 16:55 - 2013-04-30 15:19 - 00401184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 16:32 - 2014-07-20 16:32 - 00001140 _____ () C:\Windows\PFRO.log
2014-07-20 16:28 - 2008-12-06 00:14 - 00000000 ____D () C:\Users\Joyce
2014-07-20 16:27 - 2014-07-20 16:27 - 00000371 _____ () C:\Users\Joyce\Desktop\Downloads.lnk
2014-07-20 16:26 - 2014-07-20 16:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Downloads\tdsskiller.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 05561612 _____ (Swearware) C:\Users\Joyce\Downloads\ComboFix.exe
2014-07-20 15:07 - 2013-04-28 18:06 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Microsoft Help
2014-07-20 14:18 - 2013-02-17 14:07 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-20 14:17 - 2013-02-17 14:07 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-07-20 14:17 - 2013-02-17 14:07 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-07-20 14:17 - 2013-02-17 14:07 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-07-20 11:32 - 2014-07-20 11:26 - 00002480 _____ () C:\Windows\logboot_20.07.2014.tureg.log
2014-07-20 11:32 - 2006-11-02 05:33 - 91750400 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 62390272 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 40894464 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 00786432 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-07-20 11:25 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-07-20 10:26 - 2014-07-20 10:26 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-07-17 09:44 - 2013-04-29 14:13 - 00002609 _____ () C:\Users\Joyce\Desktop\Microsoft Office Excel 2007.lnk
2014-07-17 08:15 - 2012-09-04 08:36 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 18:28 - 2008-12-06 00:14 - 00000732 _____ () C:\Users\Joyce\AppData\Local\d3d9caps64.dat
2014-07-14 18:14 - 2014-07-14 18:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-14 17:46 - 2014-07-14 17:46 - 00003720 _____ () C:\Windows\System32\Tasks\Joyce Merge
2014-07-14 17:46 - 2014-07-14 17:46 - 00003704 _____ () C:\Windows\System32\Tasks\Joyce
2014-07-09 17:17 - 2013-02-17 14:07 - 00001024 _____ () C:\.rnd
2014-07-09 16:32 - 2014-02-05 19:08 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 16:31 - 2014-02-05 19:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 16:31 - 2014-02-05 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 16:23 - 2006-11-02 08:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 17:05 - 2013-08-14 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 17:04 - 2006-11-02 05:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 17:03 - 2013-04-28 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-05 15:17 - 2014-05-30 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-05 15:17 - 2013-02-17 14:35 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-05 15:17 - 2013-02-17 14:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-01 12:49 - 2014-05-01 14:43 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-06-21 06:54 - 2012-09-04 08:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 06:54 - 2012-09-04 08:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
 
Files to move or delete:
====================
C:\Users\Public\Silverlight.exe
 
 
Some content of TEMP:
====================
C:\Users\Joyce\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-21 11:04
 
==================== End Of Log ============================


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,894 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:44 AM

Posted 21 July 2014 - 04:42 PM

You sent one in the third post.

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST (if you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator).
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 pizzafoundry

pizzafoundry
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 21 July 2014 - 06:55 PM

We ran the fix file, then FRST, then Eset.

 

Frst log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Joyce (administrator) on JOYCE-PC on 21-07-2014 14:51:30
Running from C:\Users\Joyce\Downloads
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => RAVCpl64.exe
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3471515830-937813979-1464207771-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2109A84A1148CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Joyce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-10-10]
FF Extension: Auto-Sort Bookmarks - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\sortbookmarks@bouanto.xpi [2014-07-20]
FF Extension: Adblock Plus - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-26]
FF Extension: Tab Mix Plus - C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\5f247axu.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=042413
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=042413", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultNewTabURL: https://www.bing.com/chrome/newtab?setmkt=en-US
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Search) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-04]
CHR Extension: (Google Wallet) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-04]

==================== Services (Whitelisted) =================

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160272 2008-05-02] (Logitech, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-01-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-06-01] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S2 LBeepKE; C:\Windows\SysWOW64\Drivers\LBeepKE.sys [4480 2006-05-25] (Logitech, Inc.) [File not signed]
S3 LHidKe; C:\Windows\System32\DRIVERS\LHidKE.Sys [53248 2006-05-10] (Logitech, Inc.) [File not signed]
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [86400 2006-05-10] (Logitech, Inc.) [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-18] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 LMouKE; C:\Windows\System32\DRIVERS\LMouKE.Sys [129536 2006-05-10] (Logitech, Inc.) [File not signed]
R4 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-02] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 13:23 - 2014-07-21 13:23 - 00063934 _____ () C:\Users\Joyce\Downloads\JRT.txt
2014-07-21 13:21 - 2014-07-21 13:21 - 00063934 _____ () C:\Users\Joyce\Desktop\JRT.txt
2014-07-21 13:06 - 2014-07-21 13:06 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 11:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-21 11:56 - 2014-07-21 11:58 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:54 - 2014-07-21 11:54 - 01354223 _____ () C:\Users\Joyce\Downloads\AdwCleaner.exe
2014-07-21 11:54 - 2014-07-21 11:54 - 01016261 _____ (Thisisu) C:\Users\Joyce\Downloads\JRT.exe
2014-07-21 11:25 - 2014-07-21 11:27 - 00036728 _____ () C:\Users\Joyce\Downloads\Addition.txt
2014-07-21 11:24 - 2014-07-21 14:51 - 00014871 _____ () C:\Users\Joyce\Downloads\FRST.txt
2014-07-21 11:23 - 2014-07-21 11:23 - 02090496 _____ (Farbar) C:\Users\Joyce\Downloads\FRST64.exe
2014-07-20 17:07 - 2014-07-20 17:13 - 00007764 _____ () C:\Users\Joyce\Downloads\hijackthis.log
2014-07-20 17:06 - 2014-07-20 17:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joyce\Downloads\HijackThis.exe
2014-07-20 16:32 - 2014-07-20 16:32 - 00001140 _____ () C:\Windows\PFRO.log
2014-07-20 16:29 - 2014-07-21 14:51 - 00000000 ____D () C:\FRST
2014-07-20 16:27 - 2014-07-20 16:27 - 00000371 _____ () C:\Users\Joyce\Desktop\Downloads.lnk
2014-07-20 16:27 - 2013-05-03 13:16 - 00014980 _____ () C:\Users\Joyce\Downloads\WLMContacts (2).csv
2014-07-20 16:25 - 2014-07-20 16:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Downloads\tdsskiller.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 05561612 _____ (Swearware) C:\Users\Joyce\Downloads\ComboFix.exe
2014-07-20 11:26 - 2014-07-20 11:32 - 00002480 _____ () C:\Windows\logboot_20.07.2014.tureg.log
2014-07-20 10:26 - 2014-07-20 10:26 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-07-14 18:14 - 2014-07-14 18:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-14 17:46 - 2014-07-14 17:46 - 00003720 _____ () C:\Windows\System32\Tasks\Joyce Merge
2014-07-14 17:46 - 2014-07-14 17:46 - 00003704 _____ () C:\Windows\System32\Tasks\Joyce
2014-07-09 17:17 - 2014-07-21 10:56 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-09 17:17 - 2014-07-21 10:56 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-08 15:25 - 2014-06-06 19:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 15:25 - 2014-06-06 19:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 15:25 - 2014-06-06 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 15:25 - 2014-06-06 19:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 15:25 - 2014-06-06 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 15:25 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 15:25 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 15:25 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 15:25 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 15:25 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 15:25 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 15:25 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 15:25 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 15:25 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 15:25 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 15:24 - 2014-06-06 21:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 15:24 - 2014-06-06 20:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 15:24 - 2014-06-06 19:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 15:24 - 2014-06-06 19:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 15:24 - 2014-06-06 19:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 15:24 - 2014-06-06 19:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 15:24 - 2014-06-06 19:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 15:24 - 2014-06-06 19:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 15:24 - 2014-06-06 19:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 15:24 - 2014-06-06 19:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 15:24 - 2014-06-06 19:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 15:24 - 2014-06-06 19:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 15:24 - 2014-06-06 17:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 15:24 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 15:24 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 15:24 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 15:24 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-08 15:24 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 15:24 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 15:24 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 15:24 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-08 15:24 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 15:24 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-08 15:24 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-08 15:24 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 15:24 - 2014-06-06 00:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 15:24 - 2014-05-30 00:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 12:49 - 2014-06-16 04:13 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-07-01 12:49 - 2014-06-16 04:13 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll

==================== One Month Modified Files and Folders =======

2014-07-21 14:51 - 2014-07-21 11:24 - 00014871 _____ () C:\Users\Joyce\Downloads\FRST.txt
2014-07-21 14:51 - 2014-07-20 16:29 - 00000000 ____D () C:\FRST
2014-07-21 13:59 - 2014-02-05 19:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 13:23 - 2014-07-21 13:23 - 00063934 _____ () C:\Users\Joyce\Downloads\JRT.txt
2014-07-21 13:23 - 2014-01-02 17:25 - 00777866 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-21 13:21 - 2014-07-21 13:21 - 00063934 _____ () C:\Users\Joyce\Desktop\JRT.txt
2014-07-21 13:06 - 2014-07-21 13:06 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 12:55 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 12:55 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 12:10 - 2014-06-12 09:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 11:58 - 2014-07-21 11:56 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:58 - 2014-05-30 21:42 - 01611306 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 11:54 - 2014-07-21 11:54 - 01354223 _____ () C:\Users\Joyce\Downloads\AdwCleaner.exe
2014-07-21 11:54 - 2014-07-21 11:54 - 01016261 _____ (Thisisu) C:\Users\Joyce\Downloads\JRT.exe
2014-07-21 11:27 - 2014-07-21 11:25 - 00036728 _____ () C:\Users\Joyce\Downloads\Addition.txt
2014-07-21 11:25 - 2012-07-30 08:38 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C689A6C8-5074-45A9-B205-86D803011351}
2014-07-21 11:23 - 2014-07-21 11:23 - 02090496 _____ (Farbar) C:\Users\Joyce\Downloads\FRST64.exe
2014-07-21 10:56 - 2014-07-09 17:17 - 00000911 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-21 10:56 - 2014-07-09 17:17 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-21 10:55 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 08:52 - 2006-11-02 08:42 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 08:35 - 2013-02-17 14:07 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-20 17:13 - 2014-07-20 17:07 - 00007764 _____ () C:\Users\Joyce\Downloads\hijackthis.log
2014-07-20 17:06 - 2014-07-20 17:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Joyce\Downloads\HijackThis.exe
2014-07-20 16:55 - 2013-04-30 15:19 - 00401184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 16:32 - 2014-07-20 16:32 - 00001140 _____ () C:\Windows\PFRO.log
2014-07-20 16:28 - 2008-12-06 00:14 - 00000000 ____D () C:\Users\Joyce
2014-07-20 16:27 - 2014-07-20 16:27 - 00000371 _____ () C:\Users\Joyce\Desktop\Downloads.lnk
2014-07-20 16:26 - 2014-07-20 16:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Downloads\tdsskiller.exe
2014-07-20 16:25 - 2014-07-20 16:25 - 05561612 _____ (Swearware) C:\Users\Joyce\Downloads\ComboFix.exe
2014-07-20 15:07 - 2013-04-28 18:06 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Microsoft Help
2014-07-20 14:18 - 2013-02-17 14:07 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-20 14:17 - 2013-02-17 14:07 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-07-20 14:17 - 2013-02-17 14:07 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-07-20 14:17 - 2013-02-17 14:07 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-07-20 11:32 - 2014-07-20 11:26 - 00002480 _____ () C:\Windows\logboot_20.07.2014.tureg.log
2014-07-20 11:32 - 2006-11-02 05:33 - 91750400 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 62390272 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 40894464 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 00786432 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-07-20 11:32 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-07-20 11:25 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-07-20 10:26 - 2014-07-20 10:26 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-07-17 09:44 - 2013-04-29 14:13 - 00002609 _____ () C:\Users\Joyce\Desktop\Microsoft Office Excel 2007.lnk
2014-07-17 08:15 - 2012-09-04 08:36 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 18:28 - 2008-12-06 00:14 - 00000732 _____ () C:\Users\Joyce\AppData\Local\d3d9caps64.dat
2014-07-14 18:14 - 2014-07-14 18:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-14 17:46 - 2014-07-14 17:46 - 00003720 _____ () C:\Windows\System32\Tasks\Joyce Merge
2014-07-14 17:46 - 2014-07-14 17:46 - 00003704 _____ () C:\Windows\System32\Tasks\Joyce
2014-07-09 17:17 - 2013-02-17 14:07 - 00001024 _____ () C:\.rnd
2014-07-09 16:32 - 2014-02-05 19:08 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 16:31 - 2014-02-05 19:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 16:31 - 2014-02-05 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 16:23 - 2006-11-02 08:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 17:05 - 2013-08-14 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 17:04 - 2006-11-02 05:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 17:03 - 2013-04-28 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-05 15:17 - 2014-05-30 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-05 15:17 - 2013-02-17 14:35 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-05 15:17 - 2013-02-17 14:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-01 12:49 - 2014-05-01 14:43 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014
2014-06-21 06:54 - 2012-09-04 08:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 06:54 - 2012-09-04 08:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 11:04

==================== End Of Log ============================

 

Eset completed after almost 2 hours with nothing found so apparently there's no logfile.

Re question how running, I guess we won't know until a few days go by and we hopefully have no more outbounds.

BTW, what was it that the fixit likely removed? Adware or some such? And we presume, that was the source of the outbound?

Thanks for your time on this today, we really appreciate it. We'll let you know if anything further occurs.

Best,

eno



#14 Machiavelli

  • Malware Response Instructor

Posted 22 July 2014 - 12:12 AM

Hello,
in my opinion your PC is clean.

We need to remove the tools we've used while cleaning your machine:
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is well worth it compared with getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

Edited by Machiavelli, 22 July 2014 - 12:13 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#15 pizzafoundry

  • Topic Starter

Posted 22 July 2014 - 06:16 PM

Haven't run the 'remove' stuff yet but she just alerted me to two more popups from Malwarebytes.

They both have the same IP address, 88.198.132.3, both port 0,

one shows 'dogsecret.usa.cc', the other shows 'hotrecipes.usa.cc'.

 

Unfortunately I don't have the time to run through all the stuff we did yesterday, again.  Any other thoughts?





