
Massive infection - PUPs, Trojan, ZEROACCESS rootkit - Can't get system clean


  • This topic is locked
33 replies to this topic

#1 9001M

9001M

  • Members
  • 56 posts

Posted 17 October 2014 - 01:36 PM

Hi, I have a system which was seriously infested with all kinds of malware:

 

MBAM - over 1200 PUPs, along with Trojan.Downloader, Adware.Linkular, Rogue.Multiple

Rkill and RogueKiller - ZEROACCESS rootkit

AdwCleaner - over 300 issues found in pretty much every category

Additional issues also found by JRT, HitmanPro

 

Beyond that, the registry has been messed with, causing the Windows Firewall to be completely disabled along with several other services.

 

I've gotten most of the malware cleaned out and have successfully restored the Win Firewall, but I seem to be at a stalemate and am thrashing.  I'm worried there is additional malicious SW lurking in there that I can't find.

 

HELP!

 

Below is the DDS log, and I've attached the attach.txt file.

 

Thanks!

 

Steve

----------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by Joyce at 6:44:58 on 2014-10-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.9655.7139 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.yahoo.com/
mStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [IDMSQ] C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SENDORI TRAY] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{274BA4B5-3B60-494F-8633-C95360D70B40} : DHCPNameServer = 10.0.0.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
x64-mStart Page = hxxp://www.google.com
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-TB: m Playfin.com Search.us.com Toolbar: {39EF84C8-7611-4033-A004-AF9E99810F1D} -
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-10-26 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-10-26 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-19 241152]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2014-10-13 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2014-10-8 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-12-27 72216]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-7-17 125584]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-10-26 102528]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-10-26 219776]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-10-26 104048]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-10-26 1582144]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 SrvHsfPCIe;SrvHsfPCIe;C:\Windows\System32\drivers\VSTBS36.SYS [2009-7-13 287744]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-10-26 54400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;"C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe" "Start=service" --> C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [?]
S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-14 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-27 1255736]
.
=============== Created Last 30 ================
.
2014-10-17 08:15:09 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86EDDF55-7978-4259-9345-C67A413B7F42}\offreg.dll
2014-10-17 08:14:44 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86EDDF55-7978-4259-9345-C67A413B7F42}\mpengine.dll
2014-10-16 07:59:38 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-16 05:05:57 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85D26ECD-C7F6-4709-A98E-8AEDA3D0C581}\gapaengine.dll
2014-10-16 05:04:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-10-16 05:04:25 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-10-16 04:04:57 -------- d-----w- C:\ProgramData\HitmanPro
2014-10-16 02:10:16 -------- d-----w- C:\Windows\ERUNT
2014-10-16 01:55:50 -------- d-----w- C:\AdwCleaner
2014-10-16 01:16:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 00:02:05 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Malwarebytes
2014-10-16 00:01:59 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-16 00:01:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-16 00:01:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-15 23:13:22 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-15 23:13:21 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-15 17:32:02 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF9AB3EB-AAF5-4763-AEE3-83AB12CF68EF}\mpengine.dll
2014-10-14 23:24:24 -------- d-----w- C:\Users\Joyce\AppData\Local\LogMeIn
2014-10-14 21:48:25 -------- d-----w- C:\Users\Joyce\AppData\Roaming\TuneUp Software
2014-10-14 21:47:47 -------- d--h--w- C:\$AVG
2014-10-14 21:47:47 -------- d-----w- C:\ProgramData\AVG2015
2014-10-14 21:45:28 -------- d-----w- C:\Users\Joyce\AppData\Local\MFAData
2014-10-14 21:45:28 -------- d-----w- C:\ProgramData\MFAData
2014-10-14 21:44:01 -------- d--h--w- C:\ProgramData\Common Files
2014-10-14 21:44:01 -------- d-----w- C:\ProgramData\Avg
2014-10-14 21:44:01 -------- d-----w- C:\Program Files (x86)\AVG
2014-10-14 21:43:46 -------- d-----w- C:\Users\Joyce\AppData\Local\AvgSetupLog
2014-10-14 21:43:46 -------- d-----w- C:\Users\Joyce\AppData\Local\Avg
2014-10-14 21:19:13 -------- d-----w- C:\Program Files (x86)\ROyalShoPPperApp
2014-10-14 21:19:02 -------- d-----w- C:\ProgramData\PDFC
2014-10-14 20:46:21 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-14 20:46:12 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-14 20:46:12 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-14 20:46:12 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-14 20:46:11 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-14 20:46:11 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-14 20:46:11 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-14 20:43:13 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 20:43:13 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 20:43:11 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-14 20:43:11 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-14 20:40:08 707728 ----a-w- C:\Program Files (x86)\gtUninstall GamingWonderland.dll
2014-10-14 20:40:08 178720 ----a-w- C:\Program Files (x86)\gtres.dll
2014-10-14 20:17:51 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-30 20:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 20:40:50 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-23 22:39:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 22:39:35 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M  ====================
.
2014-10-14 02:45:28 107392 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-10-14 02:45:16 35688 ----a-w- C:\Windows\System32\LMIport.dll
2014-10-14 02:45:14 92520 ----a-w- C:\Windows\System32\LMIinit.dll
2014-10-08 23:30:36 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2014-10-08 23:30:34 35616 ----a-w- C:\Windows\System32\lmimirr.dll
2014-10-08 23:30:34 14624 ----a-w- C:\Windows\System32\lmimirr2.dll
2014-10-08 23:30:34 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 17:34:17 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 17:34:17 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-25 17:34:14 3675824 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-16 14:20:56 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2014-09-16 14:20:56 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-25 09:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
.
============= FINISH:  6:45:15.22 ===============
 

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,875 posts
  • Gender:Male
  • Location:Germany

Posted 19 October 2014 - 02:19 PM

MBAM - over 1200 PUPs, along with Trojan.Downloader, Adware.Linkular, Rogue.Multiple
Rkill and RogueKiller - ZEROACCESS rootkit
AdwCleaner - over 300 issues found in pretty much every category
Additional issues also found by JRT, HitmanPro

I need the logs.

MBAM Log Export
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export Button - select in the menu Text File (.txt)
  • Save it on your Desktop and post the content of this text file into your next reply.

RogueKiller Log Export

Post the RKreport.txt into your next reply.

AdwCleaner Log Export

The log can be found in here: C:\AdwCleaner\. Please post the log.

JRT Log Export

Post the JRT.txt into your next reply.

 

Please download FRST (by Farbar) from the link below and save it to your Desktop.


Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts

Posted 19 October 2014 - 07:03 PM

Hi Machiavelli,

 

Thanks for taking this one on for me!

 

I've attached all of the logs from MBAM, RogueKiller, AdwCleaner and JRT.  Since I ran multiples of the first three (some in Safe Mode), I've attached them as .zip files - hope that's ok...

 

NOTE:  The MBAM I'm using is the 1.75 version.

 

Here are the FRST logs:

 

--------------------------------------------------------------------

FRST.txt

--------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Joyce (administrator) on JOYCE-HPDESKTOP on 19-10-2014 16:53:13
Running from C:\Users\Joyce\Desktop
Loaded Profile: Joyce (Available profiles: Joyce & LogMeInRemoteUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-13] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2011-12-13] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-10-08] (LogMeIn, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SENDORI TRAY] => "C:\Program Files (x86)\Sendori\SendoriTray.exe"
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-2384072416-2855680744-792196797-1000\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - m Playfin.com Search.us.com Toolbar - {39EF84C8-7611-4033-A004-AF9E99810F1D} - C:\Users\Joyce\AppData\Local\TNT2\Profiles\10287\passport64.dll No File
Toolbar: HKCU - m Playfin.com Search.us.com Toolbar - {39EF84C8-7611-4033-A004-AF9E99810F1D} - C:\Users\Joyce\AppData\Local\TNT2\Profiles\10287\passport64.dll No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Joyce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\anllaofeeadeggfpiaicgkioibfbjepe [2014-09-04]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffnepgjlfiinpkplhjmehkdhnaaongdk [2014-10-10]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccankbfoldbmopamiokjlnnafnoiadd [2014-08-23]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj [2014-09-20]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdeckpdenbhnnimkilldfdiohhejcmma [2012-12-29]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnggipjiafeklgjdclhhkeefdebipmm [2014-08-23]
CHR HKLM-x32\...\Chrome\Extension: [mdeckpdenbhnnimkilldfdiohhejcmma] - C:\Users\Joyce\AppData\Local\TidyNetwork.com\tidy.crx []
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Joyce\AppData\Roaming\IDMSQ\IDMSQ.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-13] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-13] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-08] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2011-12-13] (IDT, Inc.) [File not signed]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-08] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-17] ()
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 16:53 - 2014-10-19 16:53 - 00013546 _____ () C:\Users\Joyce\Desktop\FRST.txt
2014-10-19 16:52 - 2014-10-19 16:53 - 00000000 ____D () C:\FRST
2014-10-19 16:51 - 2014-10-19 16:50 - 02112512 _____ (Farbar) C:\Users\Joyce\Desktop\FRST64.exe
2014-10-17 06:45 - 2014-10-17 06:45 - 00019232 _____ () C:\Users\Joyce\Desktop\dds.txt
2014-10-17 06:45 - 2014-10-17 06:45 - 00007799 _____ () C:\Users\Joyce\Desktop\attach.txt
2014-10-17 06:44 - 2014-10-17 06:44 - 00688992 ____R (Swearware) C:\Users\Joyce\Desktop\dds.com
2014-10-16 16:36 - 2014-10-16 16:37 - 15725144 _____ () C:\Users\Joyce\Desktop\RogueKiller.exe
2014-10-15 22:04 - 2014-10-15 22:04 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-15 22:04 - 2014-10-15 22:04 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-15 22:04 - 2014-10-15 22:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-15 21:04 - 2014-10-15 21:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-15 21:04 - 2014-10-15 21:06 - 11194928 _____ (SurfRight B.V.) C:\Users\Joyce\Desktop\HitmanPro_x64.exe
2014-10-15 19:11 - 2014-10-15 19:11 - 00001847 _____ () C:\Users\Joyce\Desktop\JRT.txt
2014-10-15 19:10 - 2014-10-15 19:10 - 00000000 ____D () C:\Windows\ERUNT
2014-10-15 18:55 - 2014-10-15 20:57 - 00000000 ____D () C:\AdwCleaner
2014-10-15 18:16 - 2014-10-15 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 17:02 - 2014-10-15 17:02 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\Malwarebytes
2014-10-15 17:01 - 2014-10-15 17:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-15 17:01 - 2014-10-15 17:01 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 17:01 - 2014-10-15 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-15 17:01 - 2014-10-15 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-15 17:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 16:13 - 2014-10-17 06:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-15 16:13 - 2014-10-15 16:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-15 16:12 - 2014-10-15 16:12 - 00000000 ____D () C:\Users\Joyce\Documents\IT Files
2014-10-15 16:11 - 2014-10-16 16:22 - 00002272 _____ () C:\Users\Joyce\Desktop\Rkill.txt
2014-10-15 16:11 - 2014-10-15 16:07 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Joyce\Desktop\mbam-setup-1.75.0.1300.exe
2014-10-15 16:11 - 2014-10-15 16:07 - 01976320 _____ () C:\Users\Joyce\Desktop\AdwCleaner.exe
2014-10-15 16:11 - 2014-10-15 16:07 - 01705698 _____ (Thisisu) C:\Users\Joyce\Desktop\JRT.exe
2014-10-15 16:11 - 2014-10-15 16:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Desktop\tdsskiller.exe
2014-10-15 16:11 - 2014-10-15 16:03 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Joyce\Desktop\rkill.scr
2014-10-15 16:11 - 2014-10-06 20:30 - 00000059 _____ () C:\Users\Joyce\Desktop\ESET.txt
2014-10-14 16:49 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-14 16:40 - 2014-10-14 16:40 - 15722448 _____ (AVG Technologies) C:\Users\Joyce\Downloads\avg_gsr_stb_all_329p1_100 (1).exe
2014-10-14 16:38 - 2014-10-14 16:39 - 15722448 _____ (AVG Technologies) C:\Users\Joyce\Downloads\avg_gsr_stb_all_329p1_100.exe
2014-10-14 16:38 - 2014-10-14 16:38 - 00001290 _____ () C:\Users\Joyce\Desktop\dfrgui.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-14 16:31 - 2014-10-14 16:31 - 01057488 _____ (Adobe) C:\Users\Joyce\Downloads\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
2014-10-14 16:24 - 2014-10-14 16:24 - 00000000 ____D () C:\Users\Joyce\AppData\Local\LogMeIn
2014-10-14 14:48 - 2014-10-14 14:48 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\TuneUp Software
2014-10-14 14:47 - 2014-10-14 17:14 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-14 14:47 - 2014-10-14 14:47 - 00000000 ___HD () C:\$AVG
2014-10-14 14:45 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 14:45 - 2014-10-14 14:45 - 00000000 ____D () C:\Users\Joyce\AppData\Local\MFAData
2014-10-14 14:44 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\Avg
2014-10-14 14:44 - 2014-10-15 09:15 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-14 14:43 - 2014-10-14 17:17 - 00000000 ____D () C:\Users\Joyce\AppData\Local\AvgSetupLog
2014-10-14 14:43 - 2014-10-14 14:53 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Avg
2014-10-14 14:19 - 2014-10-14 14:19 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-14 14:19 - 2014-10-14 14:19 - 00000000 ____D () C:\Program Files (x86)\ROyalShoPPperApp
2014-10-14 13:46 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 13:46 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 13:46 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-14 13:46 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 13:45 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 13:45 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 13:45 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 13:45 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 13:45 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 13:45 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 13:45 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 13:45 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 13:45 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 13:45 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-14 13:45 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 13:45 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 13:45 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 13:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 13:45 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 13:45 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 13:45 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 13:45 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 13:45 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 13:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 13:45 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 13:45 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 13:45 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 13:45 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 13:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 13:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 13:44 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 13:44 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 13:44 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 13:44 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 13:44 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 13:44 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 13:44 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 13:44 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 13:44 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 13:44 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 13:44 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 13:44 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 13:44 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 13:44 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 13:44 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 13:44 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 13:44 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 13:44 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 13:44 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 13:44 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 13:44 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 13:44 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 13:44 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 13:44 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 13:44 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 13:44 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 13:44 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 13:44 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 13:44 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 13:44 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 13:44 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 13:44 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 13:44 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 13:44 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 13:44 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 13:44 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 13:44 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 13:44 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 13:44 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 13:44 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 13:44 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 13:44 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 13:44 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 13:44 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 13:44 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 13:44 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 13:44 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 13:44 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 13:44 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 13:44 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 13:43 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 13:43 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 13:43 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 13:43 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 13:42 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 13:42 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 13:42 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 13:42 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 13:42 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 13:42 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 13:42 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 13:42 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 13:40 - 2012-12-28 17:36 - 00707728 _____ (MindSpark) C:\Program Files (x86)\gtUninstall GamingWonderland.dll
2014-10-14 13:40 - 2012-12-28 17:36 - 00178720 _____ () C:\Program Files (x86)\gtres.dll
2014-10-14 13:17 - 2014-10-14 13:17 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-14 13:17 - 2014-10-14 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-14 13:17 - 2014-10-14 13:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-06 09:17 - 2014-10-06 09:17 - 00141431 _____ () C:\Users\Joyce\Downloads\imIAAAJ3VCxmtwAAAAaObR4&cred=h81TA_GFd1Oadd1QkAsmfCpM8Oydntpn2NEUhEhYsz8roKc-&ts=1412612275&partner=ymail&sig=LcFSAQ0GPSnmDoU1SfG.6w--
2014-10-03 15:25 - 2014-10-03 15:25 - 00141346 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=zrj80VNzlU6KEffyFQN2Rw2WIkJfxRCUOtNUYepNZr4aPa8-&ts=1412375109&partner=ymail&sig=eaqTEBG1P7Kz3RoJIzqiPg--
2014-10-03 15:11 - 2014-10-03 15:11 - 00141303 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=JJI78bsyqE7rCL8j4SUhFSdA1_vxjQ3dyfVoW8XqvdkuSYQ-&ts=1412374276&partner=ymail&sig=xlrGUA7Xnh1eXHaHlpsxQA--
2014-10-03 15:07 - 2014-10-03 15:07 - 00141127 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=Fr6cud4DqU7ODN48FiCsYlNO1Wo2M2MxFN2Oq0JuHFLLK10-&ts=1412374069&partner=ymail&sig=PLtCk_32Lk5j72eqZnB1Ng--
2014-10-01 13:36 - 2014-10-01 13:36 - 00000000 _____ () C:\Users\Joyce\Downloads\push
2014-09-30 13:40 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 13:40 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 20:12 - 2014-09-29 20:12 - 00000000 _____ () C:\Users\Joyce\Downloads\beacon(1)
2014-09-24 10:18 - 2014-10-14 16:21 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-23 15:39 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 15:39 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 16:44 - 2012-12-27 14:29 - 01900992 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 16:38 - 2012-12-29 12:41 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 16:34 - 2013-04-06 12:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 10:38 - 2012-12-29 12:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 00:00 - 2012-12-27 16:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-17 06:50 - 2012-12-27 16:30 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-17 06:50 - 2012-12-27 16:29 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Citrix
2014-10-17 06:38 - 2014-06-10 09:27 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-10-17 06:38 - 2014-01-22 16:10 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-17 06:36 - 2012-12-27 16:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-10-16 16:08 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 16:08 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 16:01 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 16:01 - 2009-07-13 21:51 - 00054312 _____ () C:\Windows\setupact.log
2014-10-16 16:00 - 2012-10-26 18:50 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-10-16 15:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 09:48 - 2012-12-27 14:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{390EC1BB-9729-4264-A12F-BB87D1044D24}
2014-10-15 23:19 - 2010-11-20 20:47 - 00934314 _____ () C:\Windows\PFRO.log
2014-10-15 22:06 - 2012-12-27 15:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-15 21:06 - 2009-07-13 22:13 - 00782280 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 20:02 - 2012-12-29 12:35 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-15 20:02 - 2012-10-26 18:47 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-15 19:32 - 2012-12-29 00:19 - 00000000 ____D () C:\Users\Joyce\AppData\Local\CrashDumps
2014-10-15 10:33 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-15 10:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 09:17 - 2012-12-27 14:28 - 00000000 ____D () C:\Users\Joyce
2014-10-15 09:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-10-14 16:37 - 2012-12-27 16:21 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-10-14 16:36 - 2012-12-27 16:14 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-14 16:24 - 2014-08-25 14:37 - 00000000 ____D () C:\Users\Joyce\AppData\Local\SWDS
2014-10-14 16:21 - 2014-07-21 16:00 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\IDM2
2014-10-14 16:21 - 2012-10-26 18:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-10-14 16:21 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-14 16:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-14 16:20 - 2012-12-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-14 16:20 - 2012-12-29 12:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-14 16:20 - 2012-12-29 12:32 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Google
2014-10-14 16:20 - 2012-10-26 18:47 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-14 16:20 - 2012-10-26 18:46 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-10-14 16:20 - 2012-10-26 18:42 - 00000000 ____D () C:\ProgramData\Temp
2014-10-14 16:20 - 2012-10-26 18:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-14 14:20 - 2014-08-23 11:26 - 00000000 ____D () C:\ProgramData\6169a781ee24c765
2014-10-14 14:19 - 2012-10-26 18:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-10-14 14:10 - 2009-07-13 21:45 - 00275656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 14:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-14 14:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 14:00 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 13:56 - 2012-12-27 15:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 13:18 - 2014-05-26 16:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-13 19:45 - 2012-12-27 16:26 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-10-13 19:45 - 2012-12-27 16:26 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-10-13 19:45 - 2012-12-27 16:26 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-10-08 16:30 - 2012-12-27 16:26 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-10-08 16:30 - 2012-11-29 12:56 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr.dll
2014-10-08 16:30 - 2012-11-29 12:56 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr2.dll
2014-10-08 16:30 - 2012-11-29 12:56 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys
2014-09-25 10:34 - 2013-05-14 15:35 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-25 10:34 - 2013-04-06 12:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 10:34 - 2013-04-06 12:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 10:34 - 2012-10-26 18:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:38 - 2014-06-28 13:57 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
2014-09-22 08:38 - 2014-06-28 13:57 - 00000000 ____D () C:\Windows\system32\tprb

Files to move or delete:
====================
C:\Users\Joyce\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\Joyce\AppData\Local\Temp\air41D7.exe
C:\Users\Joyce\AppData\Local\Temp\air45E6.exe
C:\Users\Joyce\AppData\Local\Temp\air6A29.exe
C:\Users\Joyce\AppData\Local\Temp\airC0B5.exe
C:\Users\Joyce\AppData\Local\Temp\APNSetup.exe
C:\Users\Joyce\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joyce\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Joyce\AppData\Local\Temp\enhdmdqy.dll
C:\Users\Joyce\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Joyce\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Joyce\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Joyce\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Joyce\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Joyce\AppData\Local\Temp\optprosetup.exe
C:\Users\Joyce\AppData\Local\Temp\p7exm9lp.dll
C:\Users\Joyce\AppData\Local\Temp\pnE23.exe
C:\Users\Joyce\AppData\Local\Temp\Runner.exe
C:\Users\Joyce\AppData\Local\Temp\sqlite3.dll
C:\Users\Joyce\AppData\Local\Temp\wget.exe
C:\Users\Joyce\AppData\Local\Temp\_4491.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:42

==================== End Of Log ============================


--------------------------------------------------------------------

Addition.txt

--------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by Joyce at 2014-10-19 16:53:46
Running from C:\Users\Joyce\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Out of date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Out of date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70120.2218 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
ASPCA Reminder by We-Care.com v4.1.21.1 (HKLM-x32\...\{A6558E2A-FAF9-4570-AA49-6328D0354517}) (Version: 4.1.21.1 - We-Care.com)
Bejeweled Deluxe 1.87 (HKLM-x32\...\Bejeweled Deluxe 1.87) (Version:  - )
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )
Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) Hidden
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
FlashPlayer (HKLM-x32\...\{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}) (Version: 1.6.8 - Tuguu SL) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6374.0 - IDT)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Jewel Quest - Sleepless Star (HKLM-x32\...\{F9F6CF4F-4CA5-498C-AE20-99A0C2B60918}) (Version: 1.00.0000 - Valusoft)
Jewel Quest (HKLM-x32\...\{9B0DA03A-8334-4127-B788-CC44F2F462DB}) (Version: 1.00.0000 - Valusoft)
Jewel Quest Heritage (HKLM-x32\...\{EAFE6D16-60E4-49A6-ACAC-34CB37E95FB7}) (Version: 1.00.0000 - Valusoft)
Jewel Quest Mysteries 4 - The Oracle of Ur (HKLM-x32\...\{45DDA29C-72F6-4A39-ACC2-3A71634D8D89}) (Version: 1.00.0000 - Valusoft)
Jewel Quest Mysteries The Seventh Gate (HKLM-x32\...\{B148FE2E-37F2-4357-A332-ACA289CA5320}) (Version: 1.00.0000 - Valusoft)
Jewel Quest Mysteries Trail of the Midnight Heart (HKLM-x32\...\{305706E3-A7FC-466F-8594-AD4522951418}) (Version: 1.00.0000 - Valusoft)
Jewel Quest Solitaire 2 (HKLM-x32\...\{ABA496C5-81F7-4B91-A347-A70FE48C116B}) (Version: 1.00.0000 - Valusoft)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LogMeIn (HKLM-x32\...\{697E7F08-CB6F-442A-83CD-D44F54654272}) (Version: 4.1.4634 - LogMeIn, Inc.)
LogMeIn (HKLM-x32\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
Pure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Strongvault Online Backup (HKLM-x32\...\{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}) (Version: 1.0.1.0 - Strongvault) <==== ATTENTION
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Sapphire Dragon (HKLM-x32\...\{CA17EC51-8429-4E6E-B5A6-4FDFCA91C475}) (Version: 1.00.0000 - Valusoft)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2384072416-2855680744-792196797-1000_Classes\CLSID\{39EF84C8-7611-4033-A004-AF9E99810F1D}\InprocServer32 -> C:\Users\Joyce\AppData\Local\TNT2\Profiles\10287\passport64.dll No File

==================== Restore Points  =========================

15-10-2014 01:07:30 Restore Operation
16-10-2014 03:02:49 Quitado FlashPlayer
16-10-2014 03:03:19 Quitado FlashPlayer
16-10-2014 03:04:26 Removed Visual Studio 2012 x64 Redistributables
16-10-2014 03:04:47 Removed Visual Studio 2012 x86 Redistributables
16-10-2014 22:38:49 Windows Live Essentials
16-10-2014 22:39:21 WLSetup
17-10-2014 13:35:50 Installed LogMeIn

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-15 16:21 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02A8C513-EC71-4A99-B9D2-D48982FF8A5B} - System32\Tasks\bench-S-1-5-21-2384072416-2855680744-792196797-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {05B1E4B1-BCFE-4B67-9207-C862E3649CA1} - System32\Tasks\{7D450592-FB78-4E23-83CA-E4C163341037} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {0E81D164-01C7-46E5-8912-4D1AF70781B9} - System32\Tasks\{7B8CB96F-A2E6-42FD-A2C0-C90A20F90753} => C:\Program Files (x86)\Jewel Quest Heritage\JewelQuestHeritage.exe [2010-02-19] (iWin)
Task: {0FEAAD46-A7B9-4D8F-9A28-10D36FDF658A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {1539BD71-535C-4A0A-998B-98080145F07B} - System32\Tasks\{0A21E664-599E-457D-97F1-044B8084E6B7} => C:\Program Files (x86)\Jewel Quest\JewelQuest.exe [2008-09-11] ()
Task: {169A3C38-ED73-4AEB-9135-62B8F18A05C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {1E424089-9835-45E8-B48C-D5B348F351DD} - System32\Tasks\{C0C0C74B-A5D2-460A-9564-C62AF2B7AC1E} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {2CF3EF54-DEDD-4177-8B16-CAADF677C04A} - System32\Tasks\{8808167D-7A95-4FC5-9DF5-E3A63C331ABE} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {377091D9-6C8D-42D4-B1FF-971224709190} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {39EAF6F0-DAAC-4B28-A9A9-34FB9CB96517} - System32\Tasks\{BDDE6DC6-DB12-464D-A016-CAB1997E431E} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {3D64C10C-3F93-4F2B-BF33-219F74C1050A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {45BE02A9-D76B-4147-B0F2-FA91CE444AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: {8440E85F-1526-48C3-9BEF-BDD537D32826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {867425F2-3368-4137-850B-2558224CC343} - System32\Tasks\{A28E3C4B-4726-4697-8433-09B813C940A6} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {8BAED086-91D9-45C5-8CDD-225E7026A684} - System32\Tasks\{981893FC-9D6F-4C1D-A325-70C33B629B9C} => C:\Program Files (x86)\Jewel Quest Heritage\JewelQuestHeritage.exe [2010-02-19] (iWin)
Task: {9B8012DA-C0FE-4DF8-A45F-21C1825FC0DF} - System32\Tasks\{7870F980-9A5C-41D7-AF08-DFCAAC17BC95} => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe
Task: {9F553AAD-1C94-4859-AA11-EC098C92EB17} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {9FF2C653-20F6-49E7-BDAC-DCE96DBB731D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {B489BCC2-291E-474E-A40D-1F8ADEC02F78} - System32\Tasks\{E0A45BCF-1C39-418D-A056-71BFF48ECFF0} => C:\Program Files (x86)\Right Backup\RightBackup.exe
Task: {BF1ECE0C-C9E1-407B-AEB5-B976ADC2C00C} - System32\Tasks\{0C221228-4CEA-4DAF-8A08-C768A81746E1} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {C99345E5-7DF0-492F-96BC-C549E4EEAF83} - System32\Tasks\{F8B36166-0A00-441B-908B-8EAEC1192AE2} => C:\Program Files (x86)\Right Backup\RightBackup.exe
Task: {F69A7FDC-ED0B-4C41-86EE-D8B572B588FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-20 22:13 - 2012-01-20 22:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-02 14:03 - 2011-11-02 14:03 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70033239.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70033239.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2384072416-2855680744-792196797-500 - Administrator - Disabled)
Guest (S-1-5-21-2384072416-2855680744-792196797-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2384072416-2855680744-792196797-1003 - Limited - Enabled)
Joyce (S-1-5-21-2384072416-2855680744-792196797-1000 - Administrator - Enabled) => C:\Users\Joyce
LogMeInRemoteUser (S-1-5-21-2384072416-2855680744-792196797-1001 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2014 08:04:20 PM) (Source: MsiInstaller) (EventID: 11721) (User: Joyce-HPDesktop)
Description: Product: Strongvault Online Backup -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: AI_UPDATER_UNINSTALL, location: C:\Program Files (x86)\Strongvault Online Backup\updater.exe, command: /clean silent

Error: (10/15/2014 08:03:47 PM) (Source: MsiInstaller) (EventID: 11001) (User: Joyce-HPDesktop)
Description: Producto: FlashPlayer -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Program Files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.exe' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/15/2014 08:03:12 PM) (Source: MsiInstaller) (EventID: 11001) (User: Joyce-HPDesktop)
Description: Producto: FlashPlayer -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Program Files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.exe' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/15/2014 07:32:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: msi.dll, version: 5.0.7601.18604, time stamp: 0x541a3cbf
Exception code: 0xc0000005
Fault offset: 0x00000000001f0fc6
Faulting process id: 0x554
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

System errors:
=============
Error: (10/19/2014 04:11:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 113.5.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 04:11:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.185.3495.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 04:11:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.185.3495.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 04:11:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.185.3495.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 04:11:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 113.5.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 04:11:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.185.3495.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 04:11:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.185.3495.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 04:11:38 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.185.3495.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 01:13:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 113.5.0.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/19/2014 01:13:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.185.3495.0

 Update Source: %NT AUTHORITY51

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\NETWORK SERVICE

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Microsoft Office Sessions:
=========================
Error: (10/15/2014 08:04:20 PM) (Source: MsiInstaller) (EventID: 11721) (User: Joyce-HPDesktop)
Description: Product: Strongvault Online Backup -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: AI_UPDATER_UNINSTALL, location: C:\Program Files (x86)\Strongvault Online Backup\updater.exe, command: /clean silent (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/15/2014 08:03:47 PM) (Source: MsiInstaller) (EventID: 11001) (User: Joyce-HPDesktop)
Description: Producto: FlashPlayer -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Program Files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.exe' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/15/2014 08:03:12 PM) (Source: MsiInstaller) (EventID: 11001) (User: Joyce-HPDesktop)
Description: Producto: FlashPlayer -- Error 1001. Error 1001. Exception occurred while initializing the installation:
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Program Files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.exe' or one of its dependencies. The system cannot find the file specified..(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/15/2014 07:32:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4msi.dll5.0.7601.18604541a3cbfc000000500000000001f0fc655401cfe8e949a86c7fC:\Windows\Explorer.EXEC:\Windows\system32\msi.dll9ec5e46d-54dc-11e4-9238-78e3b5ae75b8

==================== Memory info ===========================

Processor: AMD A8-5500 APU with Radeon™ HD Graphics
Percentage of memory in use: 26%
Total physical RAM: 9654.97 MB
Available physical RAM: 7118.97 MB
Total Pagefile: 19308.12 MB
Available Pagefile: 17136.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.39 GB) (Free:864.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:10.9 GB) (Free:1.34 GB) NTFS
Drive j: (LAZESOFT) (Removable) (Total:7.59 GB) (Free:7.34 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7A8CC6FF)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.6 GB) - (Type=0B)

==================== End Of Log ============================

#4 Machiavelli

  • Malware Response Instructor

Posted 19 October 2014 - 11:51 PM

Very well.

 

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:
  • Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.
I can try to clean the infection, but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted. Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:

Now you decide whether you want to reformat the PC or clean it. Think it over and choose the best solution for you! Let me know your decision. If you decide to go ahead with the cleaning, please proceed with the following steps.

 

First,
Please uninstall:-

- Strongvault Online Backup

Next,
  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Next,
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Next,
Please download Farbar Service Scanner and run it on the computer with the issue. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FSS icon and select Run as Administrator.)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

#5 9001M


Posted 20 October 2014 - 01:35 AM

I was afraid of that...

 

As far as I know, my customer only uses this system to play games and do email.  I don't think she does any online banking or purchasing with this system.

 

I'll present the options to her tomorrow and get back with you on whether we'll go with rebuilding or taking a shot at cleaning the infection.

 

Is there any way we can possibly trace the source(s) of her infection(s)?

 

Thanks again!

 

Steve 



#6 Machiavelli


Posted 20 October 2014 - 06:57 AM

OK.

Is there any way we can possibly trace the source(s) of her infection(s)?

No, not really.

~Machiavelli


#7 9001M


Posted 20 October 2014 - 11:11 AM

If we decide to go with a rebuild, do you think it's safe to rebuild using the recovery partition of the infected PC?



#8 Machiavelli


Posted 20 October 2014 - 01:09 PM

Should be OK.

~Machiavelli


#9 9001M


Posted 20 October 2014 - 02:06 PM

Ok, she has opted to go with cleaning the system as is, rather than rebuild (I confirmed she never uses this system for any commercial transactions).

 

As instructed, I uninstalled Strongvault Online Backup (had to use MS FixIt tool).

 

Following are the requested logs:

- Fixlog.txt
- FRST.txt
- FSS.txt

 

NOTE:  I also attached the Addition.txt log produced by the FRST scan...

--------------------------------------------------------------------------------------------------

Fixlog.txt

--------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014
Ran by Joyce at 2014-10-20 11:45:52 Run:2
Running from C:\Users\Joyce\Desktop
Loaded Profile: Joyce (Available profiles: Joyce & LogMeInRemoteUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
Toolbar: HKLM - m Playfin.com Search.us.com Toolbar - {39EF84C8-7611-4033-A004-AF9E99810F1D} - C:\Users\Joyce\AppData\Local\TNT2\Profiles\10287\passport64.dll No File
Toolbar: HKCU - m Playfin.com Search.us.com Toolbar - {39EF84C8-7611-4033-A004-AF9E99810F1D} - C:\Users\Joyce\AppData\Local\TNT2\Profiles\10287\passport64.dll No File
Hosts: 127.0.0.1 localhost
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
2014-10-14 14:20 - 2014-08-23 11:26 - 00000000 ____D () C:\ProgramData\6169a781ee24c765
C:\Users\Joyce\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Joyce\AppData\Local\Temp\air41D7.exe
C:\Users\Joyce\AppData\Local\Temp\air45E6.exe
C:\Users\Joyce\AppData\Local\Temp\air6A29.exe
C:\Users\Joyce\AppData\Local\Temp\airC0B5.exe
C:\Users\Joyce\AppData\Local\Temp\APNSetup.exe
C:\Users\Joyce\AppData\Local\Temp\BackupSetup.exe
C:\Users\Joyce\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Joyce\AppData\Local\Temp\enhdmdqy.dll
C:\Users\Joyce\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Joyce\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Joyce\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Joyce\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Joyce\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Joyce\AppData\Local\Temp\optprosetup.exe
C:\Users\Joyce\AppData\Local\Temp\p7exm9lp.dll
C:\Users\Joyce\AppData\Local\Temp\pnE23.exe
C:\Users\Joyce\AppData\Local\Temp\Runner.exe
C:\Users\Joyce\AppData\Local\Temp\sqlite3.dll
C:\Users\Joyce\AppData\Local\Temp\wget.exe
C:\Users\Joyce\AppData\Local\Temp\_4491.exe
Task: {02A8C513-EC71-4A99-B9D2-D48982FF8A5B} - System32\Tasks\bench-S-1-5-21-2384072416-2855680744-792196797-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {9F553AAD-1C94-4859-AA11-EC098C92EB17} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
EmptyTemp:
*****************

HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => Key not found.
"HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{39EF84C8-7611-4033-A004-AF9E99810F1D} => Value not found.
"HKCR\CLSID\{39EF84C8-7611-4033-A004-AF9E99810F1D}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{39EF84C8-7611-4033-A004-AF9E99810F1D} => Value not found.
"HKCR\CLSID\{39EF84C8-7611-4033-A004-AF9E99810F1D}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget" => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
X5XSEx_Pr143 => Service not found.
"C:\ProgramData\6169a781ee24c765" => File/Directory not found.
"C:\Users\Joyce\g2ax_customer_downloadhelper_win32_x86.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\air41D7.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\air45E6.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\air6A29.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\airC0B5.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\enhdmdqy.dll" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\MSETUP4.EXE" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\OptimizerPro.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\optprosetup.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\p7exm9lp.dll" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\pnE23.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\Runner.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\wget.exe" => File/Directory not found.
"C:\Users\Joyce\AppData\Local\Temp\_4491.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02A8C513-EC71-4A99-B9D2-D48982FF8A5B}" => Key not found.
C:\Windows\System32\Tasks\bench-S-1-5-21-2384072416-2855680744-792196797-1000 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-2384072416-2855680744-792196797-1000" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F553AAD-1C94-4859-AA11-EC098C92EB17}" => Key not found.
C:\Windows\System32\Tasks\0 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key not found.
"C:\ProgramData\Temp" => ":373E1720" ADS not found.
EmptyTemp: => Removed 8.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

--------------------------------------------------------------------------------------------------

FRST.txt

--------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Joyce (administrator) on JOYCE-HPDESKTOP on 20-10-2014 11:52:19
Running from C:\Users\Joyce\Desktop
Loaded Profile: Joyce (Available profiles: Joyce & LogMeInRemoteUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-13] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2011-12-13] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-10-08] (LogMeIn, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SENDORI TRAY] => "C:\Program Files (x86)\Sendori\SendoriTray.exe"
HKU\S-1-5-21-2384072416-2855680744-792196797-1000\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Joyce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\anllaofeeadeggfpiaicgkioibfbjepe [2014-09-04]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffnepgjlfiinpkplhjmehkdhnaaongdk [2014-10-10]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccankbfoldbmopamiokjlnnafnoiadd [2014-08-23]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj [2014-09-20]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdeckpdenbhnnimkilldfdiohhejcmma [2012-12-29]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnggipjiafeklgjdclhhkeefdebipmm [2014-08-23]
CHR HKLM-x32\...\Chrome\Extension: [mdeckpdenbhnnimkilldfdiohhejcmma] - C:\Users\Joyce\AppData\Local\TidyNetwork.com\tidy.crx []
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Joyce\AppData\Roaming\IDMSQ\IDMSQ.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-13] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-13] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-08] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2011-12-13] (IDT, Inc.) [File not signed]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-08] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-17] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 11:39 - 2014-10-20 11:38 - 00415232 _____ (Farbar) C:\Users\Joyce\Desktop\FSS.exe
2014-10-20 11:32 - 2014-10-20 11:35 - 00000000 ____D () C:\MATS
2014-10-19 16:53 - 2014-10-20 11:52 - 00011966 _____ () C:\Users\Joyce\Desktop\FRST.txt
2014-10-19 16:52 - 2014-10-20 11:52 - 00000000 ____D () C:\FRST
2014-10-19 16:51 - 2014-10-19 16:50 - 02112512 _____ (Farbar) C:\Users\Joyce\Desktop\FRST64.exe
2014-10-17 06:44 - 2014-10-17 06:44 - 00688992 ____R (Swearware) C:\Users\Joyce\Desktop\dds.com
2014-10-16 16:36 - 2014-10-16 16:37 - 15725144 _____ () C:\Users\Joyce\Desktop\RogueKiller.exe
2014-10-15 22:04 - 2014-10-15 22:04 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-15 22:04 - 2014-10-15 22:04 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-15 22:04 - 2014-10-15 22:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-15 21:04 - 2014-10-15 21:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-15 21:04 - 2014-10-15 21:06 - 11194928 _____ (SurfRight B.V.) C:\Users\Joyce\Desktop\HitmanPro_x64.exe
2014-10-15 19:11 - 2014-10-15 19:11 - 00001847 _____ () C:\Users\Joyce\Desktop\JRT.txt
2014-10-15 19:10 - 2014-10-15 19:10 - 00000000 ____D () C:\Windows\ERUNT
2014-10-15 18:55 - 2014-10-15 20:57 - 00000000 ____D () C:\AdwCleaner
2014-10-15 18:16 - 2014-10-15 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 17:02 - 2014-10-15 17:02 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\Malwarebytes
2014-10-15 17:01 - 2014-10-15 17:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-15 17:01 - 2014-10-15 17:01 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 17:01 - 2014-10-15 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-15 17:01 - 2014-10-15 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-15 17:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 16:13 - 2014-10-17 06:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-15 16:13 - 2014-10-15 16:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-15 16:12 - 2014-10-15 16:12 - 00000000 ____D () C:\Users\Joyce\Documents\IT Files
2014-10-15 16:11 - 2014-10-16 16:22 - 00002272 _____ () C:\Users\Joyce\Desktop\Rkill.txt
2014-10-15 16:11 - 2014-10-15 16:07 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Joyce\Desktop\mbam-setup-1.75.0.1300.exe
2014-10-15 16:11 - 2014-10-15 16:07 - 01976320 _____ () C:\Users\Joyce\Desktop\AdwCleaner.exe
2014-10-15 16:11 - 2014-10-15 16:07 - 01705698 _____ (Thisisu) C:\Users\Joyce\Desktop\JRT.exe
2014-10-15 16:11 - 2014-10-15 16:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Desktop\tdsskiller.exe
2014-10-15 16:11 - 2014-10-15 16:03 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Joyce\Desktop\rkill.scr
2014-10-15 16:11 - 2014-10-06 20:30 - 00000059 _____ () C:\Users\Joyce\Desktop\ESET.txt
2014-10-14 16:49 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-14 16:40 - 2014-10-14 16:40 - 15722448 _____ (AVG Technologies) C:\Users\Joyce\Downloads\avg_gsr_stb_all_329p1_100 (1).exe
2014-10-14 16:38 - 2014-10-14 16:39 - 15722448 _____ (AVG Technologies) C:\Users\Joyce\Downloads\avg_gsr_stb_all_329p1_100.exe
2014-10-14 16:38 - 2014-10-14 16:38 - 00001290 _____ () C:\Users\Joyce\Desktop\dfrgui.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-14 16:31 - 2014-10-14 16:31 - 01057488 _____ (Adobe) C:\Users\Joyce\Downloads\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
2014-10-14 16:24 - 2014-10-14 16:24 - 00000000 ____D () C:\Users\Joyce\AppData\Local\LogMeIn
2014-10-14 14:48 - 2014-10-14 14:48 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\TuneUp Software
2014-10-14 14:47 - 2014-10-14 17:14 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-14 14:47 - 2014-10-14 14:47 - 00000000 ___HD () C:\$AVG
2014-10-14 14:45 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 14:45 - 2014-10-14 14:45 - 00000000 ____D () C:\Users\Joyce\AppData\Local\MFAData
2014-10-14 14:44 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\Avg
2014-10-14 14:44 - 2014-10-15 09:15 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-14 14:43 - 2014-10-14 17:17 - 00000000 ____D () C:\Users\Joyce\AppData\Local\AvgSetupLog
2014-10-14 14:43 - 2014-10-14 14:53 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Avg
2014-10-14 14:19 - 2014-10-14 14:19 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-14 14:19 - 2014-10-14 14:19 - 00000000 ____D () C:\Program Files (x86)\ROyalShoPPperApp
2014-10-14 13:46 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 13:46 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 13:46 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-14 13:46 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 13:45 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 13:45 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 13:45 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 13:45 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 13:45 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 13:45 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 13:45 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 13:45 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 13:45 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 13:45 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-14 13:45 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 13:45 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 13:45 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 13:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 13:45 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 13:45 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 13:45 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 13:45 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 13:45 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 13:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 13:45 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 13:45 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 13:45 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 13:45 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 13:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 13:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 13:44 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 13:44 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 13:44 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 13:44 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 13:44 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 13:44 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 13:44 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 13:44 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 13:44 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 13:44 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 13:44 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 13:44 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 13:44 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 13:44 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 13:44 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 13:44 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 13:44 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 13:44 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 13:44 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 13:44 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 13:44 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 13:44 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 13:44 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 13:44 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 13:44 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 13:44 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 13:44 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 13:44 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 13:44 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 13:44 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 13:44 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 13:44 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 13:44 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 13:44 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 13:44 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 13:44 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 13:44 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 13:44 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 13:44 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 13:44 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 13:44 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 13:44 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 13:44 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 13:44 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 13:44 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 13:44 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 13:44 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 13:44 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 13:44 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 13:44 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 13:43 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 13:43 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 13:43 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 13:43 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 13:42 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 13:42 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 13:42 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 13:42 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 13:42 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 13:42 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 13:42 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 13:42 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 13:40 - 2012-12-28 17:36 - 00707728 _____ (MindSpark) C:\Program Files (x86)\gtUninstall GamingWonderland.dll
2014-10-14 13:40 - 2012-12-28 17:36 - 00178720 _____ () C:\Program Files (x86)\gtres.dll
2014-10-14 13:17 - 2014-10-14 13:17 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-14 13:17 - 2014-10-14 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-14 13:17 - 2014-10-14 13:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-06 09:17 - 2014-10-06 09:17 - 00141431 _____ () C:\Users\Joyce\Downloads\imIAAAJ3VCxmtwAAAAaObR4&cred=h81TA_GFd1Oadd1QkAsmfCpM8Oydntpn2NEUhEhYsz8roKc-&ts=1412612275&partner=ymail&sig=LcFSAQ0GPSnmDoU1SfG.6w--
2014-10-03 15:25 - 2014-10-03 15:25 - 00141346 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=zrj80VNzlU6KEffyFQN2Rw2WIkJfxRCUOtNUYepNZr4aPa8-&ts=1412375109&partner=ymail&sig=eaqTEBG1P7Kz3RoJIzqiPg--
2014-10-03 15:11 - 2014-10-03 15:11 - 00141303 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=JJI78bsyqE7rCL8j4SUhFSdA1_vxjQ3dyfVoW8XqvdkuSYQ-&ts=1412374276&partner=ymail&sig=xlrGUA7Xnh1eXHaHlpsxQA--
2014-10-03 15:07 - 2014-10-03 15:07 - 00141127 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=Fr6cud4DqU7ODN48FiCsYlNO1Wo2M2MxFN2Oq0JuHFLLK10-&ts=1412374069&partner=ymail&sig=PLtCk_32Lk5j72eqZnB1Ng--
2014-10-01 13:36 - 2014-10-01 13:36 - 00000000 _____ () C:\Users\Joyce\Downloads\push
2014-09-30 13:40 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 13:40 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 20:12 - 2014-09-29 20:12 - 00000000 _____ () C:\Users\Joyce\Downloads\beacon(1)
2014-09-24 10:18 - 2014-10-14 16:21 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-23 15:39 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 15:39 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 11:49 - 2012-12-27 14:29 - 01464839 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 11:47 - 2014-06-10 09:27 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-10-20 11:47 - 2014-01-22 16:10 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-20 11:47 - 2012-12-29 12:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 11:47 - 2010-11-20 20:47 - 01090438 _____ () C:\Windows\PFRO.log
2014-10-20 11:47 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 11:47 - 2009-07-13 21:51 - 00054424 _____ () C:\Windows\setupact.log
2014-10-20 11:46 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 11:46 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 11:43 - 2014-02-16 19:43 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-20 11:43 - 2013-04-12 09:20 - 00000008 __RSH () C:\Users\Joyce\ntuser.pol
2014-10-20 11:43 - 2012-12-27 14:28 - 00000000 ____D () C:\Users\Joyce
2014-10-20 11:42 - 2012-12-29 00:19 - 00000000 ____D () C:\Users\Joyce\AppData\Local\CrashDumps
2014-10-20 11:39 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-20 11:38 - 2012-12-29 12:41 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 11:34 - 2013-04-06 12:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 00:00 - 2012-12-27 16:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-17 06:50 - 2012-12-27 16:30 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-17 06:50 - 2012-12-27 16:29 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Citrix
2014-10-17 06:36 - 2012-12-27 16:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-10-16 16:00 - 2012-10-26 18:50 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-10-16 15:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 09:48 - 2012-12-27 14:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{390EC1BB-9729-4264-A12F-BB87D1044D24}
2014-10-15 22:06 - 2012-12-27 15:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-15 21:06 - 2009-07-13 22:13 - 00782280 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 20:02 - 2012-12-29 12:35 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-15 20:02 - 2012-10-26 18:47 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-15 10:33 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-15 10:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 09:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-10-14 16:37 - 2012-12-27 16:21 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-10-14 16:36 - 2012-12-27 16:14 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-14 16:24 - 2014-08-25 14:37 - 00000000 ____D () C:\Users\Joyce\AppData\Local\SWDS
2014-10-14 16:21 - 2014-07-21 16:00 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\IDM2
2014-10-14 16:21 - 2012-10-26 18:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-10-14 16:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-14 16:20 - 2012-12-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-14 16:20 - 2012-12-29 12:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-14 16:20 - 2012-12-29 12:32 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Google
2014-10-14 16:20 - 2012-10-26 18:47 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-14 16:20 - 2012-10-26 18:46 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-10-14 16:20 - 2012-10-26 18:42 - 00000000 ____D () C:\ProgramData\Temp
2014-10-14 16:20 - 2012-10-26 18:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-14 14:19 - 2012-10-26 18:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-10-14 14:10 - 2009-07-13 21:45 - 00275656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 14:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-14 14:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 14:00 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 13:56 - 2012-12-27 15:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 13:18 - 2014-05-26 16:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-13 19:45 - 2012-12-27 16:26 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-10-13 19:45 - 2012-12-27 16:26 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-10-13 19:45 - 2012-12-27 16:26 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-10-08 16:30 - 2012-12-27 16:26 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-10-08 16:30 - 2012-11-29 12:56 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr.dll
2014-10-08 16:30 - 2012-11-29 12:56 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr2.dll
2014-10-08 16:30 - 2012-11-29 12:56 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys
2014-09-25 10:34 - 2013-05-14 15:35 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-25 10:34 - 2013-04-06 12:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 10:34 - 2013-04-06 12:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 10:34 - 2012-10-26 18:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:38 - 2014-06-28 13:57 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
2014-09-22 08:38 - 2014-06-28 13:57 - 00000000 ____D () C:\Windows\system32\tprb

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:42

==================== End Of Log ============================

 

--------------------------------------------------------------------------------------------------

FSS.txt

--------------------------------------------------------------------------------------------------

Farbar Service Scanner Version: 21-07-2014
Ran by Joyce (administrator) on 20-10-2014 at 11:55:15
Running from "C:\Users\Joyce\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

 

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


#10 Machiavelli

  • Malware Response Instructor

Posted 20 October 2014 - 02:17 PM

First,
  • Please download ESET Services Repair Tool from here and save it to your Desktop;
  • Right click and choose Run as administrator
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart
Next,
Please download Farbar Service Scanner and run it on the computer with the issue. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FSS icon and select Run as Administrator.)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 9001M

  • Topic Starter

Posted 20 October 2014 - 02:41 PM

OK, the ESET tool has been run, system rebooted and here's the latest FSS log:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Joyce (administrator) on 20-10-2014 at 12:39:06
Running from "C:\Users\Joyce\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

 

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****



#12 Machiavelli


Posted 20 October 2014 - 03:17 PM

  • Download RemoteAccess.reg from here and download PolicyAgent.reg from here to your Desktop.
  • Locate RemoteAccess.reg on your Desktop and double-click on it to merge it with your registry
  • Answer Yes when prompted about merging with the registry
Do the same for PolicyAgent.reg.

Then reboot the system and post the new FSS log.

Edited by Machiavelli, 20 October 2014 - 03:17 PM.

~Machiavelli



#13 9001M


Posted 20 October 2014 - 03:40 PM

Here's the latest FSS log:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Joyce (administrator) on 20-10-2014 at 13:36:52
Running from "C:\Users\Joyce\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 



#14 Machiavelli


Posted 20 October 2014 - 03:41 PM

Looks much better.
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#15 9001M


Posted 20 October 2014 - 04:00 PM

Ok, here's the latest FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Joyce (administrator) on JOYCE-HPDESKTOP on 20-10-2014 13:56:53
Running from C:\Users\Joyce\Desktop
Loaded Profile: Joyce (Available profiles: Joyce & LogMeInRemoteUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-13] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2011-12-13] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-10-08] (LogMeIn, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SENDORI TRAY] => "C:\Program Files (x86)\Sendori\SendoriTray.exe"
HKU\S-1-5-21-2384072416-2855680744-792196797-1000\...\Run: [IDMSQ] => C:\Program Files (x86)\IDMSQ\idmsq.exe /startup

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Joyce\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\anllaofeeadeggfpiaicgkioibfbjepe [2014-09-04]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffnepgjlfiinpkplhjmehkdhnaaongdk [2014-10-10]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccankbfoldbmopamiokjlnnafnoiadd [2014-08-23]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj [2014-09-20]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdeckpdenbhnnimkilldfdiohhejcmma [2012-12-29]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (No Name) - C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnggipjiafeklgjdclhhkeefdebipmm [2014-08-23]
CHR HKLM-x32\...\Chrome\Extension: [mdeckpdenbhnnimkilldfdiohhejcmma] - C:\Users\Joyce\AppData\Local\TidyNetwork.com\tidy.crx []
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Joyce\AppData\Roaming\IDMSQ\IDMSQ.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-13] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-13] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-08] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2011-12-13] (IDT, Inc.) [File not signed]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-08] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-17] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 13:33 - 2014-10-20 13:32 - 00035780 _____ () C:\Users\Joyce\Desktop\RemoteAccess.reg
2014-10-20 13:33 - 2014-10-20 13:32 - 00005486 _____ () C:\Users\Joyce\Desktop\PolicyAgent.reg
2014-10-20 12:35 - 2014-10-20 12:35 - 04009167 _____ () C:\Users\Joyce\Desktop\ServicesRepair.exe
2014-10-20 12:35 - 2014-10-20 12:35 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-10-20 11:55 - 2014-10-20 13:37 - 00002440 _____ () C:\Users\Joyce\Desktop\FSS.txt
2014-10-20 11:53 - 2014-10-20 11:53 - 00035019 _____ () C:\Users\Joyce\Desktop\Addition.txt
2014-10-20 11:39 - 2014-10-20 11:38 - 00415232 _____ (Farbar) C:\Users\Joyce\Desktop\FSS.exe
2014-10-20 11:32 - 2014-10-20 11:35 - 00000000 ____D () C:\MATS
2014-10-19 16:53 - 2014-10-20 13:56 - 00011873 _____ () C:\Users\Joyce\Desktop\FRST.txt
2014-10-19 16:52 - 2014-10-20 13:56 - 00000000 ____D () C:\FRST
2014-10-19 16:51 - 2014-10-19 16:50 - 02112512 _____ (Farbar) C:\Users\Joyce\Desktop\FRST64.exe
2014-10-17 06:44 - 2014-10-17 06:44 - 00688992 ____R (Swearware) C:\Users\Joyce\Desktop\dds.com
2014-10-16 16:36 - 2014-10-16 16:37 - 15725144 _____ () C:\Users\Joyce\Desktop\RogueKiller.exe
2014-10-15 22:04 - 2014-10-15 22:04 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-15 22:04 - 2014-10-15 22:04 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-15 22:04 - 2014-10-15 22:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-15 21:04 - 2014-10-15 21:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-15 21:04 - 2014-10-15 21:06 - 11194928 _____ (SurfRight B.V.) C:\Users\Joyce\Desktop\HitmanPro_x64.exe
2014-10-15 19:11 - 2014-10-15 19:11 - 00001847 _____ () C:\Users\Joyce\Desktop\JRT.txt
2014-10-15 19:10 - 2014-10-15 19:10 - 00000000 ____D () C:\Windows\ERUNT
2014-10-15 18:55 - 2014-10-15 20:57 - 00000000 ____D () C:\AdwCleaner
2014-10-15 18:16 - 2014-10-15 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 17:02 - 2014-10-15 17:02 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\Malwarebytes
2014-10-15 17:01 - 2014-10-15 17:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-15 17:01 - 2014-10-15 17:01 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 17:01 - 2014-10-15 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-15 17:01 - 2014-10-15 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-15 17:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 16:13 - 2014-10-17 06:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-15 16:13 - 2014-10-15 16:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-15 16:12 - 2014-10-15 16:12 - 00000000 ____D () C:\Users\Joyce\Documents\IT Files
2014-10-15 16:11 - 2014-10-16 16:22 - 00002272 _____ () C:\Users\Joyce\Desktop\Rkill.txt
2014-10-15 16:11 - 2014-10-15 16:07 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Joyce\Desktop\mbam-setup-1.75.0.1300.exe
2014-10-15 16:11 - 2014-10-15 16:07 - 01976320 _____ () C:\Users\Joyce\Desktop\AdwCleaner.exe
2014-10-15 16:11 - 2014-10-15 16:07 - 01705698 _____ (Thisisu) C:\Users\Joyce\Desktop\JRT.exe
2014-10-15 16:11 - 2014-10-15 16:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joyce\Desktop\tdsskiller.exe
2014-10-15 16:11 - 2014-10-15 16:03 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Joyce\Desktop\rkill.scr
2014-10-15 16:11 - 2014-10-06 20:30 - 00000059 _____ () C:\Users\Joyce\Desktop\ESET.txt
2014-10-14 16:49 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-14 16:40 - 2014-10-14 16:40 - 15722448 _____ (AVG Technologies) C:\Users\Joyce\Downloads\avg_gsr_stb_all_329p1_100 (1).exe
2014-10-14 16:38 - 2014-10-14 16:39 - 15722448 _____ (AVG Technologies) C:\Users\Joyce\Downloads\avg_gsr_stb_all_329p1_100.exe
2014-10-14 16:38 - 2014-10-14 16:38 - 00001290 _____ () C:\Users\Joyce\Desktop\dfrgui.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-14 16:36 - 2014-10-14 16:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-14 16:31 - 2014-10-14 16:31 - 01057488 _____ (Adobe) C:\Users\Joyce\Downloads\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
2014-10-14 16:24 - 2014-10-14 16:24 - 00000000 ____D () C:\Users\Joyce\AppData\Local\LogMeIn
2014-10-14 14:48 - 2014-10-14 14:48 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\TuneUp Software
2014-10-14 14:47 - 2014-10-14 17:14 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-14 14:47 - 2014-10-14 14:47 - 00000000 ___HD () C:\$AVG
2014-10-14 14:45 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-14 14:45 - 2014-10-14 14:45 - 00000000 ____D () C:\Users\Joyce\AppData\Local\MFAData
2014-10-14 14:44 - 2014-10-15 09:15 - 00000000 ____D () C:\ProgramData\Avg
2014-10-14 14:44 - 2014-10-15 09:15 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-14 14:43 - 2014-10-14 17:17 - 00000000 ____D () C:\Users\Joyce\AppData\Local\AvgSetupLog
2014-10-14 14:43 - 2014-10-14 14:53 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Avg
2014-10-14 14:19 - 2014-10-14 14:19 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-14 14:19 - 2014-10-14 14:19 - 00000000 ____D () C:\Program Files (x86)\ROyalShoPPperApp
2014-10-14 13:46 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 13:46 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 13:46 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-14 13:46 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 13:46 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 13:45 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 13:45 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 13:45 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 13:45 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 13:45 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 13:45 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 13:45 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 13:45 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 13:45 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 13:45 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 13:45 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 13:45 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-14 13:45 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-14 13:45 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 13:45 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 13:45 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 13:45 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 13:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 13:45 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 13:45 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 13:45 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 13:45 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 13:45 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 13:45 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 13:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 13:45 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 13:45 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 13:45 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 13:45 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 13:45 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 13:45 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 13:45 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 13:45 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 13:44 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 13:44 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 13:44 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 13:44 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 13:44 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 13:44 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 13:44 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 13:44 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 13:44 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 13:44 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 13:44 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 13:44 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 13:44 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 13:44 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 13:44 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 13:44 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 13:44 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 13:44 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 13:44 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 13:44 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 13:44 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 13:44 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 13:44 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 13:44 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 13:44 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 13:44 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 13:44 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 13:44 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 13:44 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 13:44 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 13:44 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 13:44 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 13:44 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 13:44 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 13:44 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 13:44 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 13:44 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 13:44 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 13:44 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 13:44 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 13:44 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 13:44 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 13:44 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 13:44 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 13:44 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 13:44 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 13:44 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 13:44 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 13:44 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 13:44 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 13:44 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 13:44 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 13:43 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 13:43 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 13:43 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 13:43 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 13:42 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 13:42 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 13:42 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 13:42 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 13:42 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 13:42 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 13:42 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 13:42 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 13:42 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 13:42 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 13:40 - 2012-12-28 17:36 - 00707728 _____ (MindSpark) C:\Program Files (x86)\gtUninstall GamingWonderland.dll
2014-10-14 13:40 - 2012-12-28 17:36 - 00178720 _____ () C:\Program Files (x86)\gtres.dll
2014-10-14 13:17 - 2014-10-14 13:17 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-14 13:17 - 2014-10-14 13:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-14 13:17 - 2014-10-14 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-14 13:17 - 2014-10-14 13:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-06 09:17 - 2014-10-06 09:17 - 00141431 _____ () C:\Users\Joyce\Downloads\imIAAAJ3VCxmtwAAAAaObR4&cred=h81TA_GFd1Oadd1QkAsmfCpM8Oydntpn2NEUhEhYsz8roKc-&ts=1412612275&partner=ymail&sig=LcFSAQ0GPSnmDoU1SfG.6w--
2014-10-03 15:25 - 2014-10-03 15:25 - 00141346 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=zrj80VNzlU6KEffyFQN2Rw2WIkJfxRCUOtNUYepNZr4aPa8-&ts=1412375109&partner=ymail&sig=eaqTEBG1P7Kz3RoJIzqiPg--
2014-10-03 15:11 - 2014-10-03 15:11 - 00141303 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=JJI78bsyqE7rCL8j4SUhFSdA1_vxjQ3dyfVoW8XqvdkuSYQ-&ts=1412374276&partner=ymail&sig=xlrGUA7Xnh1eXHaHlpsxQA--
2014-10-03 15:07 - 2014-10-03 15:07 - 00141127 _____ () C:\Users\Joyce\Downloads\imIAABL8VC7ypwAAABRKZDk&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&cred=Fr6cud4DqU7ODN48FiCsYlNO1Wo2M2MxFN2Oq0JuHFLLK10-&ts=1412374069&partner=ymail&sig=PLtCk_32Lk5j72eqZnB1Ng--
2014-10-01 13:36 - 2014-10-01 13:36 - 00000000 _____ () C:\Users\Joyce\Downloads\push
2014-09-30 13:40 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 13:40 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 20:12 - 2014-09-29 20:12 - 00000000 _____ () C:\Users\Joyce\Downloads\beacon(1)
2014-09-24 10:18 - 2014-10-14 16:21 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-09-23 15:39 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 15:39 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 13:44 - 2012-12-27 14:29 - 01631954 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 13:42 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 13:42 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 13:38 - 2012-12-29 12:41 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 13:34 - 2014-06-10 09:27 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-10-20 13:34 - 2014-01-22 16:10 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-20 13:34 - 2013-04-06 12:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 13:34 - 2012-12-29 12:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 13:34 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 13:34 - 2009-07-13 21:51 - 00054626 _____ () C:\Windows\setupact.log
2014-10-20 11:47 - 2010-11-20 20:47 - 01090438 _____ () C:\Windows\PFRO.log
2014-10-20 11:43 - 2014-02-16 19:43 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-20 11:43 - 2013-04-12 09:20 - 00000008 __RSH () C:\Users\Joyce\ntuser.pol
2014-10-20 11:43 - 2012-12-27 14:28 - 00000000 ____D () C:\Users\Joyce
2014-10-20 11:42 - 2012-12-29 00:19 - 00000000 ____D () C:\Users\Joyce\AppData\Local\CrashDumps
2014-10-20 11:39 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-20 00:00 - 2012-12-27 16:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-17 06:50 - 2012-12-27 16:30 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-17 06:50 - 2012-12-27 16:29 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Citrix
2014-10-17 06:36 - 2012-12-27 16:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-10-16 16:00 - 2012-10-26 18:50 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-10-16 15:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 09:48 - 2012-12-27 14:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{390EC1BB-9729-4264-A12F-BB87D1044D24}
2014-10-15 22:06 - 2012-12-27 15:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-15 21:06 - 2009-07-13 22:13 - 00782280 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 20:02 - 2012-12-29 12:35 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-15 20:02 - 2012-10-26 18:47 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-15 10:33 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-15 10:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 09:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-10-14 16:37 - 2012-12-27 16:21 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Adobe
2014-10-14 16:36 - 2012-12-27 16:14 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-14 16:24 - 2014-08-25 14:37 - 00000000 ____D () C:\Users\Joyce\AppData\Local\SWDS
2014-10-14 16:21 - 2014-07-21 16:00 - 00000000 ____D () C:\Users\Joyce\AppData\Roaming\IDM2
2014-10-14 16:21 - 2012-10-26 18:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-10-14 16:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-14 16:20 - 2012-12-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-14 16:20 - 2012-12-29 12:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-14 16:20 - 2012-12-29 12:32 - 00000000 ____D () C:\Users\Joyce\AppData\Local\Google
2014-10-14 16:20 - 2012-10-26 18:47 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-14 16:20 - 2012-10-26 18:46 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-10-14 16:20 - 2012-10-26 18:42 - 00000000 ____D () C:\ProgramData\Temp
2014-10-14 16:20 - 2012-10-26 18:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-14 14:19 - 2012-10-26 18:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2014-10-14 14:10 - 2009-07-13 21:45 - 00275656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 14:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-14 14:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 14:00 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 13:56 - 2012-12-27 15:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 13:18 - 2014-05-26 16:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-13 19:45 - 2012-12-27 16:26 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-10-13 19:45 - 2012-12-27 16:26 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-10-13 19:45 - 2012-12-27 16:26 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-10-08 16:30 - 2012-12-27 16:26 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-10-08 16:30 - 2012-11-29 12:56 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr.dll
2014-10-08 16:30 - 2012-11-29 12:56 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr2.dll
2014-10-08 16:30 - 2012-11-29 12:56 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys
2014-09-25 10:34 - 2013-05-14 15:35 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-25 10:34 - 2013-04-06 12:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 10:34 - 2013-04-06 12:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 10:34 - 2012-10-26 18:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:38 - 2014-06-28 13:57 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
2014-09-22 08:38 - 2014-06-28 13:57 - 00000000 ____D () C:\Windows\system32\tprb

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:42

==================== End Of Log ============================





