Lingering damage from bad malware infection - HELP!


  • This topic is locked
6 replies to this topic

#1 9001M

  • Members
  • 56 posts

Posted 02 May 2015 - 02:44 PM

At the beginning of April, this system was determined to be infected with malware. I ran through a suite of tools from your site, both in Safe Mode and Normal Operating Mode, and it appears I had rid the machine of all malicious SW. (I can supply the logs from those tools if you'd like.)

However, a couple of weeks later, following a Windows Update (13 updates), all USB devices became disabled - KB, mouse, printer.

A System Restore to a date prior to the Windows Update recovered operation of those devices.

I worked through that collection of Updates and found two in particular that were causing the USB failure. I hid those updates and applied the rest and everything seemed ok. Then, when the next set of Windows Updates showed up and installed, we're back to all USB devices being disabled.

I'm beginning to think there may be lingering damage from that malware infection that might be causing this issue. I'm hoping you can help me find what's broken...

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by jkwong (administrator) on MARILOU-DELL on 02-05-2015 12:30:12
Running from C:\Users\jkwong\Desktop
Loaded Profiles: jkwong (Available profiles: Marilou & jkwong & soho & Administrator & SOHO Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_comm_customer.exe
(OEConnection) C:\Program Files (x86)\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_system_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_customer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mitchell International) C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Mitchell International) C:\Program Files (x86)\Estimate Review\Estimate Review.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mitchell International) C:\Program Files (x86)\Mitchell\Communications\McDm.exe
(OEConnection, LLC) C:\Users\jkwong\AppData\Local\Apps\2.0\D1OWVDGC.4PD\B4TOROO7.ER0\oeco..tion_427d4db5813ce6d3_0001.0000_a75382d9903c7901\OEConnection.CollisionLink.Shop.TrayAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Run: [EstimateReview] => C:\Program Files (x86)\Estimate Review\Estimate Review.exe [2801664 2014-06-06] (Mitchell International)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [McDm] => C:\Program Files (x86)\Mitchell\Communications\McDm.exe [327680 2011-10-12] (Mitchell International)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\917\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\Run: [OEConnection Estimate Uploader] => C:\Users\jkwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OEConnection\CollisionLink\CollisionLink Estimate Uploader.appref-ms
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\MountPoints2: {fb9c7f48-42fe-11e2-8c97-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk [2013-08-09]
ShortcutTarget: GoGear SA3MXX Device Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mitchell Communications Alert Checker.lnk [2013-06-26]
ShortcutTarget: Mitchell Communications Alert Checker.lnk -> C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe (Mitchell International)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {6158155F-A946-4971-894B-BD0779BDAD49} https://toyota.autopartsbridge.com/APB_Estimate_Integration.cab
DPF: HKLM-x32 {6B081705-DB09-4C5C-9CD0-F50AE950AB01} http://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E72CFC93-BAE3-8D60-85D1-129993AAC8B9} https://www.web-cms.com/UImageUploader.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Tcpip\..\Interfaces\{5EAB3524-B4CF-4D4D-8633-F9E891E6131B}: [NameServer] 192.168.1.251

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2840363914-2742239351-3353569404-1160: @citrixonline.com/appdetectorplugin -> C:\Users\jkwong\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-22] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U16) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Page up top) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bipjgknmljicpokknhomnlfkadapjaeh [2015-03-19]
CHR Extension: (Video Plugin) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdoflejjdomkccpoldipblgeanoamao [2015-02-26]
CHR Extension: (Bookmark Checker) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2015-02-23]
CHR Extension: (Google Wallet) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-03-10] (Citrix Systems, Inc.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-03-26] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [234344 2015-03-26] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 OECApplicationUpdaterService; C:\Program Files (x86)\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [28672 2010-11-20] (OEConnection) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-03] ()
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99328 2012-12-10] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 12:30 - 2015-05-02 12:30 - 00016809 _____ () C:\Users\jkwong\Desktop\FRST.txt
2015-05-02 12:30 - 2015-05-02 12:30 - 00000000 ____D () C:\FRST
2015-05-02 12:02 - 2015-05-02 12:02 - 02101248 _____ (Farbar) C:\Users\jkwong\Desktop\FRST64.exe
2015-04-30 00:29 - 2015-03-22 20:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-21 15:47 - 2015-04-28 19:39 - 00000000 ____D () C:\Users\jkwong\AppData\Local\CrashDumps
2015-04-16 23:25 - 2015-03-09 22:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 23:25 - 2015-03-09 22:28 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 23:25 - 2015-03-09 22:28 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 23:25 - 2015-03-09 22:28 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 19292672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 15409152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 23:25 - 2015-03-09 22:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 23:25 - 2015-03-09 22:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 23:25 - 2015-03-09 22:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 23:25 - 2015-03-09 20:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 23:25 - 2015-03-09 20:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 23:25 - 2015-03-09 20:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 23:25 - 2015-03-09 20:07 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 23:25 - 2015-03-09 19:42 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-16 23:25 - 2015-03-09 19:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 23:25 - 2015-03-09 19:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-16 23:24 - 2015-03-16 22:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 23:24 - 2015-03-16 22:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 23:24 - 2015-03-16 22:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 23:24 - 2015-03-16 22:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 23:24 - 2015-03-16 22:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 23:24 - 2015-03-16 22:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 23:24 - 2015-03-16 22:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 23:24 - 2015-03-16 22:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 23:24 - 2015-03-16 22:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 23:24 - 2015-03-16 22:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 23:24 - 2015-03-16 22:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 23:24 - 2015-03-16 22:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 23:24 - 2015-03-16 22:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 23:24 - 2015-03-16 22:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 23:24 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 23:24 - 2015-03-16 21:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 23:24 - 2015-03-16 21:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 23:24 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 23:24 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 23:24 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 23:24 - 2015-03-16 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 23:24 - 2015-03-16 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 23:24 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 23:22 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 23:22 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 23:22 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 13:21 - 2015-04-16 21:08 - 00005128 _____ () C:\Users\jkwong\Desktop\Rkill.txt
2015-04-15 10:05 - 2015-04-15 10:05 - 00000276 _____ () C:\Users\jkwong\Desktop\Dublin Toyota Auto Parts Bridge.url
2015-04-14 17:41 - 2015-04-14 19:37 - 00000000 ____D () C:\Users\jkwong\Documents\PhoenixRC
2015-04-14 17:29 - 2015-04-16 13:51 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-14 17:29 - 2015-04-14 17:32 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-04-14 15:54 - 2015-05-01 17:17 - 00000000 ____D () C:\AutoWatchImport
2015-04-04 03:00 - 2015-05-01 09:39 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 01:39 - 2015-04-03 01:39 - 00001419 _____ () C:\Users\jkwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 01:13 - 2015-04-03 01:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-04-03 01:13 - 2015-04-03 01:13 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-04-03 01:13 - 2015-04-03 01:13 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-04-03 01:13 - 2015-04-03 01:13 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-04-03 01:13 - 2015-04-03 01:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-04-03 01:13 - 2015-04-03 01:13 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-03 01:13 - 2015-04-03 01:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-02 23:32 - 2015-04-02 23:32 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-02 23:32 - 2015-04-02 23:32 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-02 20:27 - 2015-04-02 20:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-02 20:25 - 2015-04-02 20:25 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MARILOU-DELL-Windows-7-Professional-(64-bit).dat
2015-04-02 20:25 - 2015-04-02 20:25 - 00000000 ____D () C:\RegBackup
2015-04-02 20:09 - 2015-04-02 21:32 - 00000000 ____D () C:\AdwCleaner
2015-04-02 20:05 - 2015-04-16 23:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-02 20:05 - 2015-04-03 00:59 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-02 19:10 - 2015-04-02 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-02 19:09 - 2015-04-02 22:06 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-02 19:02 - 2015-04-02 19:04 - 00002590 _____ () C:\Users\marilou\Desktop\Rkill.txt
2015-04-02 19:02 - 2015-04-02 19:02 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\marilou\Desktop\rkill.scr
2015-04-02 14:54 - 2015-04-02 14:54 - 00001499 _____ () C:\Users\jkwong\Desktop\Internet Explorer (No Add-ons).lnk
2015-04-02 14:28 - 2015-04-02 14:28 - 00000000 ____D () C:\Users\jkwong\AppData\Roaming\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 12:29 - 2015-02-16 11:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 12:28 - 2014-04-22 11:05 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2840363914-2742239351-3353569404-1160.job
2015-05-02 12:12 - 2012-12-10 10:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 12:07 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 12:07 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 11:56 - 2013-01-21 16:03 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-05-02 11:55 - 2013-01-21 17:38 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2015-05-02 11:00 - 2013-06-27 08:47 - 00000000 ____D () C:\Users\jkwong\AppData\Local\Deployment
2015-05-02 10:45 - 2012-12-10 10:28 - 01725241 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 10:29 - 2015-02-16 11:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 17:47 - 2013-06-27 13:07 - 00000000 ____D () C:\Users\jkwong\Documents\Outlook Files
2015-05-01 17:31 - 2013-07-05 10:42 - 00000000 ____D () C:\Users\jkwong\AppData\Roaming\PrimoPDF
2015-05-01 17:31 - 2013-06-26 22:45 - 00000000 ____D () C:\Users\jkwong\Documents\JOHNNY
2015-05-01 13:23 - 2013-08-14 15:06 - 00000158 _____ () C:\Users\jkwong\AppData\Roaming\MitchellDownloadWebEMSUtil.xml
2015-05-01 13:20 - 2013-07-01 17:24 - 00000285 _____ () C:\Users\jkwong\AppData\Roaming\MitchellUploadWebEMSUtil.xml
2015-05-01 10:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-01 09:44 - 2014-01-21 09:14 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-05-01 09:44 - 2014-01-21 09:14 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-05-01 09:44 - 2009-07-13 21:51 - 00024214 _____ () C:\Windows\setupact.log
2015-05-01 09:43 - 2013-06-26 20:23 - 00000000 ____D () C:\Users\jkwong
2015-05-01 09:43 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-01 09:39 - 2014-11-03 11:32 - 00000000 ____D () C:\Users\jkwong\AppData\Local\OEConnection
2015-05-01 09:39 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-01 09:39 - 2013-06-26 23:49 - 00000000 ____D () C:\ProgramData\Mitchell
2015-05-01 09:39 - 2013-01-25 21:57 - 00000000 ____D () C:\Users\soho
2015-05-01 09:39 - 2013-01-21 18:06 - 00000000 ____D () C:\Users\administrator
2015-05-01 09:39 - 2013-01-21 17:52 - 00000000 ____D () C:\Users\marilou
2015-05-01 09:39 - 2013-01-21 14:12 - 00000000 ____D () C:\Users\SOHO Admin
2015-05-01 09:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-01 09:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2015-05-01 09:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-04-30 15:50 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-30 00:33 - 2013-07-09 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-29 22:58 - 2009-07-13 22:38 - 00067584 ____S () C:\Windows\bootstat(22).dat
2015-04-29 22:01 - 2011-02-10 07:33 - 00811978 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-29 22:01 - 2009-07-13 22:13 - 00811978 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-29 17:11 - 2013-12-30 18:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-24 13:27 - 2014-08-25 10:37 - 00001683 _____ () C:\Users\Public\Desktop\Mitchell Estimating.lnk
2015-04-24 13:27 - 2013-06-26 23:49 - 00000372 _____ () C:\Windows\ODBC.INI
2015-04-24 11:33 - 2013-06-28 09:02 - 00229624 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
2015-04-24 11:33 - 2013-06-28 09:02 - 00118008 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
2015-04-24 11:33 - 2013-06-28 09:02 - 00000000 ____D () C:\ProgramData\WebEx
2015-04-23 09:14 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-22 18:33 - 2013-06-28 14:02 - 00000000 ____D () C:\Users\jkwong\AppData\Local\Adobe
2015-04-20 08:52 - 2009-07-13 22:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 08:52 - 2009-07-13 22:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU(27).TXT
2015-04-16 23:20 - 2012-12-10 10:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 23:20 - 2012-12-10 10:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 23:20 - 2012-12-10 10:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 23:08 - 2012-12-10 10:30 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-16 23:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 23:07 - 2012-12-10 10:30 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-16 23:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-14 15:55 - 2013-06-26 20:23 - 00000000 ____D () C:\Users\jkwong\AppData\Local\VirtualStore
2015-04-14 15:10 - 2014-04-22 11:05 - 00003570 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2840363914-2742239351-3353569404-1160
2015-04-03 01:15 - 2013-04-30 03:00 - 00014792 _____ () C:\Windows\IE10_main.log
2015-04-03 00:15 - 2015-01-06 13:08 - 00000000 ____D () C:\ProgramData\mijfcpgegjenidanjhngoeppibobplbk
2015-04-02 21:56 - 2013-06-27 13:34 - 00000000 ____D () C:\Users\jkwong\Documents\IT Files
2015-04-02 19:43 - 2010-11-20 20:47 - 00608764 _____ () C:\Windows\PFRO.log
2015-04-02 19:36 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\addins
2015-04-02 19:05 - 2013-03-13 13:43 - 00000000 ____D () C:\Users\marilou\Documents\IT Files
2015-04-02 14:47 - 2014-12-23 16:55 - 00000000 ____D () C:\Users\jkwong\AppData\Local\com
2015-04-02 09:12 - 2015-02-02 10:10 - 00000000 ____D () C:\ProgramData\15247465331048254490UL

==================== Files in the root of some directories =======

2013-08-14 15:06 - 2013-08-14 15:06 - 0000000 _____ () C:\Users\jkwong\AppData\Roaming\Mitchell.DOWNLOADCHOICE
2013-07-03 09:37 - 2013-07-03 09:37 - 0000000 _____ () C:\Users\jkwong\AppData\Roaming\Mitchell.UPLOADCHOICE
2013-08-14 15:06 - 2015-05-01 13:23 - 0000158 _____ () C:\Users\jkwong\AppData\Roaming\MitchellDownloadWebEMSUtil.xml
2013-07-01 17:24 - 2015-05-01 13:20 - 0000285 _____ () C:\Users\jkwong\AppData\Roaming\MitchellUploadWebEMSUtil.xml
2014-12-22 10:30 - 2014-12-22 10:30 - 0000043 _____ () C:\Users\jkwong\AppData\Roaming\WB.CFG
2013-06-28 08:53 - 2013-06-28 08:53 - 0000094 _____ () C:\Users\jkwong\AppData\Local\fusioncache.dat
2014-12-18 11:00 - 2015-03-02 11:30 - 0000600 _____ () C:\Users\jkwong\AppData\Local\PUTTY.RND
2013-01-22 09:12 - 2013-05-24 15:49 - 0000576 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-12-23 20:43 - 2014-12-23 21:03 - 0001601 _____ () C:\ProgramData\tempimage.bmp

Files to move or delete:
====================
C:\Users\jkwong\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\marilou\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\SOHO Admin\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\jkwong\AppData\Local\Temp\dllnt_dump.dll
C:\Users\marilou\AppData\Local\Temp\Runner.exe
C:\Users\marilou\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-24 00:09

==================== End Of Log ============================



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:40 AM

Posted 07 May 2015 - 02:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575071 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Local time:02:40 AM

Posted 08 May 2015 - 02:12 AM

- Yes, I still need help with this issue. The problem as originally described remains.

- Still having to do System Restores, because even though I've disabled Automatic Updates, we're using MSE for virus protection. Each time it receives an update to its virus definition database, it breaks the USB connections.

- Don't have the original Win7 CD, but do have a viable Recovery Partition.

Following is the updated FRST log you requested.

Thanks in advance for your help!

Steve

-----------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by jkwong (administrator) on MARILOU-DELL on 07-05-2015 23:56:42
Running from C:\Users\jkwong\Desktop
Loaded Profiles: jkwong (Available profiles: Marilou & jkwong & soho & Administrator & SOHO Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(OEConnection) C:\Program Files (x86)\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_system_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_customer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Mitchell International) C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe
(Mitchell International) C:\Program Files (x86)\Estimate Review\Estimate Review.exe
(Mitchell International) C:\Program Files (x86)\Mitchell\Communications\McDm.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(OEConnection, LLC) C:\Users\jkwong\AppData\Local\Apps\2.0\D1OWVDGC.4PD\B4TOROO7.ER0\oeco..tion_427d4db5813ce6d3_0001.0000_a75382d9903c7901\OEConnection.CollisionLink.Shop.TrayAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM-x32\...\Run: [EstimateReview] => C:\Program Files (x86)\Estimate Review\Estimate Review.exe [2801664 2014-06-06] (Mitchell International)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [McDm] => C:\Program Files (x86)\Mitchell\Communications\McDm.exe [327680 2011-10-12] (Mitchell International)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\917\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\Run: [OEConnection Estimate Uploader] => C:\Users\jkwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OEConnection\CollisionLink\CollisionLink Estimate Uploader.appref-ms
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\MountPoints2: {fb9c7f48-42fe-11e2-8c97-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk [2013-08-09]
ShortcutTarget: GoGear SA3MXX Device Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mitchell Communications Alert Checker.lnk [2013-06-26]
ShortcutTarget: Mitchell Communications Alert Checker.lnk -> C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe (Mitchell International)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {6158155F-A946-4971-894B-BD0779BDAD49} https://toyota.autopartsbridge.com/APB_Estimate_Integration.cab
DPF: HKLM-x32 {6B081705-DB09-4C5C-9CD0-F50AE950AB01} http://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E72CFC93-BAE3-8D60-85D1-129993AAC8B9} https://www.web-cms.com/UImageUploader.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Tcpip\..\Interfaces\{5EAB3524-B4CF-4D4D-8633-F9E891E6131B}: [NameServer] 192.168.1.251

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2840363914-2742239351-3353569404-1160: @citrixonline.com/appdetectorplugin -> C:\Users\jkwong\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-22] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java™ Platform SE 6 U16) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Page up top) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bipjgknmljicpokknhomnlfkadapjaeh [2015-03-19]
CHR Extension: (Video Plugin) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdoflejjdomkccpoldipblgeanoamao [2015-02-26]
CHR Extension: (Bookmark Checker) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2015-02-23]
CHR Extension: (Google Wallet) - C:\Users\jkwong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-03-10] (Citrix Systems, Inc.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-03-26] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [234344 2015-03-26] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 OECApplicationUpdaterService; C:\Program Files (x86)\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [28672 2010-11-20] (OEConnection) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-03] ()
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99328 2012-12-10] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 23:56 - 2015-05-07 23:59 - 00016772 _____ () C:\Users\jkwong\Desktop\FRST.txt
2015-05-07 23:49 - 2015-05-07 23:49 - 02102272 _____ (Farbar) C:\Users\jkwong\Desktop\FRST64.exe
2015-05-05 17:12 - 2015-05-05 17:12 - 00000000 ____D () C:\Users\jkwong\AppData\Local\openvr
2015-05-05 17:11 - 2015-05-05 17:11 - 00000000 ____D () C:\Users\jkwong\AppData\Local\Steam
2015-05-02 12:30 - 2015-05-07 23:56 - 00000000 ____D () C:\FRST
2015-04-21 15:47 - 2015-04-28 19:39 - 00000000 ____D () C:\Users\jkwong\AppData\Local\CrashDumps
2015-04-16 23:25 - 2015-03-09 22:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 23:25 - 2015-03-09 22:28 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 23:25 - 2015-03-09 22:28 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 23:25 - 2015-03-09 22:28 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 19292672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 15409152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 23:25 - 2015-03-09 22:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 23:25 - 2015-03-09 22:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 23:25 - 2015-03-09 22:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 23:25 - 2015-03-09 22:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 23:25 - 2015-03-09 20:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 23:25 - 2015-03-09 20:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 23:25 - 2015-03-09 20:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 23:25 - 2015-03-09 20:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 23:25 - 2015-03-09 20:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 23:25 - 2015-03-09 20:07 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 23:25 - 2015-03-09 19:42 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-16 23:25 - 2015-03-09 19:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 23:25 - 2015-03-09 19:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-16 23:24 - 2015-03-16 22:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 23:24 - 2015-03-16 22:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 23:24 - 2015-03-16 22:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 23:24 - 2015-03-16 22:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 23:24 - 2015-03-16 22:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 23:24 - 2015-03-16 22:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 23:24 - 2015-03-16 22:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 23:24 - 2015-03-16 22:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 23:24 - 2015-03-16 22:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 23:24 - 2015-03-16 22:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 23:24 - 2015-03-16 22:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 23:24 - 2015-03-16 22:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 23:24 - 2015-03-16 22:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 23:24 - 2015-03-16 22:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 23:24 - 2015-03-16 22:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 23:24 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 23:24 - 2015-03-16 21:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 23:24 - 2015-03-16 21:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 23:24 - 2015-03-16 21:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 23:24 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 23:24 - 2015-03-16 21:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 23:24 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 23:24 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 23:24 - 2015-03-16 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 23:24 - 2015-03-16 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 23:24 - 2015-03-16 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 23:24 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 23:22 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 23:22 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 23:22 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 13:21 - 2015-04-16 21:08 - 00005128 _____ () C:\Users\jkwong\Desktop\Rkill.txt
2015-04-15 10:05 - 2015-04-15 10:05 - 00000276 _____ () C:\Users\jkwong\Desktop\Dublin Toyota Auto Parts Bridge.url
2015-04-14 17:41 - 2015-04-14 19:37 - 00000000 ____D () C:\Users\jkwong\Documents\PhoenixRC
2015-04-14 17:29 - 2015-04-16 13:51 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-14 17:29 - 2015-04-14 17:32 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-04-14 15:54 - 2015-05-07 16:31 - 00000000 ____D () C:\AutoWatchImport

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 23:46 - 2013-01-21 17:38 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2015-05-07 23:40 - 2013-01-21 16:03 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-05-07 23:29 - 2015-02-16 11:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-07 23:28 - 2014-04-22 11:05 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2840363914-2742239351-3353569404-1160.job
2015-05-07 23:12 - 2012-12-10 10:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-07 22:58 - 2012-12-10 10:28 - 01721580 _____ () C:\Windows\WindowsUpdate.log
2015-05-07 17:28 - 2013-12-30 18:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-07 17:28 - 2013-06-27 13:07 - 00000000 ____D () C:\Users\jkwong\Documents\Outlook Files
2015-05-07 15:13 - 2013-06-26 22:45 - 00000000 ____D () C:\Users\jkwong\Documents\JOHNNY
2015-05-07 14:36 - 2013-06-27 08:47 - 00000000 ____D () C:\Users\jkwong\AppData\Local\Deployment
2015-05-07 12:17 - 2013-07-01 17:24 - 00000285 _____ () C:\Users\jkwong\AppData\Roaming\MitchellUploadWebEMSUtil.xml
2015-05-07 10:51 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-07 10:51 - 2009-07-13 21:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-07 10:32 - 2015-02-16 11:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-07 10:32 - 2014-01-21 09:14 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-05-07 10:32 - 2014-01-21 09:14 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-05-07 10:32 - 2013-06-26 20:23 - 00000000 ____D () C:\Users\jkwong
2015-05-07 10:32 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-07 10:31 - 2009-07-13 21:51 - 00024214 _____ () C:\Windows\setupact.log
2015-05-07 10:29 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-07 10:29 - 2014-11-03 11:32 - 00000000 ____D () C:\Users\jkwong\AppData\Local\OEConnection
2015-05-07 10:29 - 2013-06-26 23:49 - 00000000 ____D () C:\ProgramData\Mitchell
2015-05-07 10:29 - 2013-01-25 21:57 - 00000000 ____D () C:\Users\soho
2015-05-07 10:29 - 2013-01-21 18:06 - 00000000 ____D () C:\Users\administrator
2015-05-07 10:29 - 2013-01-21 17:52 - 00000000 ____D () C:\Users\marilou
2015-05-07 10:29 - 2013-01-21 14:12 - 00000000 ____D () C:\Users\SOHO Admin
2015-05-07 10:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-05-07 10:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-07 10:28 - 2013-01-21 16:08 - 00000000 __RHD () C:\MSOCache
2015-05-06 13:14 - 2013-08-14 15:06 - 00000158 _____ () C:\Users\jkwong\AppData\Roaming\MitchellDownloadWebEMSUtil.xml
2015-05-05 14:56 - 2013-07-05 10:42 - 00000000 ____D () C:\Users\jkwong\AppData\Roaming\PrimoPDF
2015-05-04 17:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-04 09:49 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-04 09:49 - 2013-10-02 09:44 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-04 09:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2015-04-30 15:50 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-30 00:33 - 2013-07-09 21:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-29 22:01 - 2011-02-10 07:33 - 00811978 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-29 22:01 - 2009-07-13 22:13 - 00811978 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 13:27 - 2014-08-25 10:37 - 00001683 _____ () C:\Users\Public\Desktop\Mitchell Estimating.lnk
2015-04-24 13:27 - 2013-06-26 23:49 - 00000372 _____ () C:\Windows\ODBC.INI
2015-04-24 11:33 - 2013-06-28 09:02 - 00229624 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
2015-04-24 11:33 - 2013-06-28 09:02 - 00118008 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
2015-04-24 11:33 - 2013-06-28 09:02 - 00000000 ____D () C:\ProgramData\WebEx
2015-04-23 09:14 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-22 18:33 - 2013-06-28 14:02 - 00000000 ____D () C:\Users\jkwong\AppData\Local\Adobe
2015-04-20 08:52 - 2009-07-13 22:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-16 23:20 - 2012-12-10 10:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 23:20 - 2012-12-10 10:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 23:20 - 2012-12-10 10:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 23:08 - 2012-12-10 10:30 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-16 23:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 23:07 - 2015-04-02 20:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-16 23:07 - 2012-12-10 10:30 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-16 23:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-14 15:55 - 2013-06-26 20:23 - 00000000 ____D () C:\Users\jkwong\AppData\Local\VirtualStore
2015-04-14 15:10 - 2014-04-22 11:05 - 00003570 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2840363914-2742239351-3353569404-1160

==================== Files in the root of some directories =======

2013-08-14 15:06 - 2013-08-14 15:06 - 0000000 _____ () C:\Users\jkwong\AppData\Roaming\Mitchell.DOWNLOADCHOICE
2013-07-03 09:37 - 2013-07-03 09:37 - 0000000 _____ () C:\Users\jkwong\AppData\Roaming\Mitchell.UPLOADCHOICE
2013-08-14 15:06 - 2015-05-06 13:14 - 0000158 _____ () C:\Users\jkwong\AppData\Roaming\MitchellDownloadWebEMSUtil.xml
2013-07-01 17:24 - 2015-05-07 12:17 - 0000285 _____ () C:\Users\jkwong\AppData\Roaming\MitchellUploadWebEMSUtil.xml
2014-12-22 10:30 - 2014-12-22 10:30 - 0000043 _____ () C:\Users\jkwong\AppData\Roaming\WB.CFG
2013-06-28 08:53 - 2013-06-28 08:53 - 0000094 _____ () C:\Users\jkwong\AppData\Local\fusioncache.dat
2014-12-18 11:00 - 2015-03-02 11:30 - 0000600 _____ () C:\Users\jkwong\AppData\Local\PUTTY.RND
2013-01-22 09:12 - 2013-05-24 15:49 - 0000576 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-12-23 20:43 - 2014-12-23 21:03 - 0001601 _____ () C:\ProgramData\tempimage.bmp

Files to move or delete:
====================
C:\Users\jkwong\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\marilou\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\SOHO Admin\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\jkwong\AppData\Local\Temp\dllnt_dump.dll
C:\Users\marilou\AppData\Local\Temp\Runner.exe
C:\Users\marilou\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 17:45

==================== End Of Log ============================



#4 9001M

  • Topic Starter
  • Members
  • 56 posts

Posted 08 May 2015 - 02:17 AM

Sorry about the small font in my reply above - I wasn't paying attention when I posted it...



#5 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,291 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 21 May 2015 - 11:17 PM

Hi, 9001M! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

I'm not finding anything particularly alarming in your logs, but I'll nevertheless clean up anything unneeded and try my best to fix the problems. :)

 

Farbar Recovery Scan Tool

First, I need you to run a fix with FRST. Many of these are just orphans.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\MountPoints2: {fb9c7f48-42fe-11e2-8c97-806e6f6e6963} - D:\autorun.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    S4 LMIRfsClientNP; No ImagePath
    C:\Windows\msdownld.tmp
    C:\Users\jkwong\AppData\Roaming\WB.CFG
    C:\ProgramData\tempimage.bmp
    C:\Users\jkwong\g2ax_customer_downloadhelper_win32_x86.exe
    C:\Users\marilou\g2ax_customer_downloadhelper_win32_x86.exe
    C:\Users\SOHO Admin\g2ax_customer_downloadhelper_win32_x86.exe
    C:\Users\jkwong\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\marilou\AppData\Local\Temp\Runner.exe
    C:\Users\marilou\AppData\Local\Temp\uninst1.exe
    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GoGear SA3MXX Device Manager (x32 Version: 0.1 - Philips) Hidden
    hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
    hpbM401DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
    hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
    hppM401LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
    hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
    hpStatusAlertsM401 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01018753.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01018753.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\aahassignments.com -> hxxps://aahassignments.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\collisiondataexchange.com -> hxxps://collisiondataexchange.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\electricautoclaims.com -> hxxps://electricautoclaims.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\ewfclaims.com -> hxxps://ewfclaims.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\farmersclaims.com -> hxxps://farmersclaims.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\fficassignments.com -> hxxps://fficassignments.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\grangeautoclaims.com -> hxxps://grangeautoclaims.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\innovation-connect.com -> hxxps://innovation-connect.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\mymitchell.com -> hxxps://mymitchell.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\qbeassignments.com -> hxxps://qbeassignments.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\reviewestimates.com -> hxxps://reviewestimates.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\stateautoclaims.com -> hxxps://stateautoclaims.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\theshopofchoice.com -> hxxps://theshopofchoice.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\vehicleassignments.com -> hxxps://vehicleassignments.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\viewclaim.com -> hxxps://viewclaim.com
    IE trusted site: HKU\S-1-5-21-2840363914-2742239351-3353569404-1160\...\viewclaims.com -> hxxp://www.viewclaims.com
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

Next, I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

 

Is this computer used for an automotive shop (or something similar)? I'm asking because you have quite a few programs I'm unfamiliar with that seem to be for that purpose.

 

If you don't, I'd like to ask if you use/recognize the below programs (and to remove them if you don't):

AccessPORT Driver 1.3.1
Accessport Manager 2.1.1.8
ALLDATA S3500 Estimate Integration
AutoWatch Utility
Collision Data Exchange
CollisionLink Estimate Uploader
Compliance Utility 4.5.0
EWF - CDX Control
Mitchell Capture
Mitchell Communications 1.9.147
Mitchell Estimating 7.1.177
Mitchell RepairCenter 2012
Mitchell System Requirement Verification 1.1.4
NuGen I T Trusted Applications
OEConnection Application Updater Service
Raster-XChange

 

In addition to the above, I'd like to ask if you use these, and if not, to remove them:

Adobe Reader XI (11.0.10) (perfectly legitimate, but its security vulnerabilities are often targeted by malware, so I'd get rid of it if you don't absolutely need it (Firefox has a built-in .pdf reader, for instance))

PrimoPDF -- brought to you by Nitro PDF Software (you seem to have no shortage of .pdf applications, but since this one is known to often be bundled with infections, I'd recommend getting rid of it)

If you want to use Programs and Features:

  • Go to Start > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader XI (11.0.10)
    PrimoPDF -- brought to you by Nitro PDF Software
    by clicking Change/Remove, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which does a better job at cleaning up):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader XI (11.0.10)
    PrimoPDF -- brought to you by Nitro PDF Software
  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Windows Repair

I honestly have no idea what is causing Windows Updates to disable your USB devices, but I'm hoping I can at least get it fixed. It might take a while, but I'll do my best. :)

 

I need you to repair your PC with Windows Repair. This may not solve the problem, but it's very much worth a shot. This fix will most likely re-enable the updates you previously disabled, so it will be a good chance to check to see if it worked or not.

  • Download Windows Repair from here, and save it to your desktop.
  • Open the installer, and follow the prompts to install the program. Once it's done, open Windows Repair.
  • Once it's open, click the Step 3: Optional tab. Click the Check button to see if your computer needs a CHKDSK to be run. If it does, click the Do It button and follow the prompts to run CHKDSK. If it doesn't, proceed to the Step 4: Optional tab.
  • On this tab, click Do It to run the System File Checker. If it repairs any files, please reboot Windows. If it doesn't, proceed to the Step 5: Backup tab.
  • Under System Restore (Secondary), click the Create button to create a System Restore point. This way, if the repaired updates still disable your USB devices, you can restore to right after the previous fixes so that you don't need to do them again, but before the repairs took place. Once it's done, it will tell you the time and date the restore point was created; after confirming this, open the Repairs tab and click Open Repairs.
  • Temporarily disable your antivirus so that it doesn't interfere with any of the fixes that Windows Repair is going to run. If you don't know how to do that, see this topic.
  • Make sure all of the options are unchecked, except for Repair Windows Updates, and click Start Repairs to begin the repairs. Once the repairs are done running, click the View Logs button, and copy and paste the contents of _Windows_Repair_Log.txt into your reply. Re-enable your antivirus when done.

Let me know how all this worked.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#6 9001M

  • Topic Starter
  • Members
  • 56 posts

Posted 21 May 2015 - 11:55 PM

Hi Gunto,

 

I really appreciate you taking the time to review this issue and try tackling it!  Yes, indeed this system is in use at an auto body repair shop.  So all of those programs you listed are core apps for the business, and cannot be removed. 

 

As fate would have it, the user of this system was let go yesterday and I was asked by management to prep the system for a new user.  After creating the new user profile, I decided to take a stab at installing Windows Updates to see what would happen.  I first just installed a single pending MSE update, rebooted the system and checked - no broken USB devices.  I slowly ratcheted up the type and number of updates, rebooting each time and the system continued to come back trouble-free.  I finally committed all remaining updates (over 40 in total) and again, all USB devices remained operational.  So, whatever the issue was, it appears to have been limited strictly to that previous user profile.

 

Seeing as the current user profile is free of this issue, I'm going to suggest we let sleeping dogs lie and not bother trying to chase that ghost.

 

I'm really sorry I didn't update this topic before you spent the time investigating it.  Again, I really appreciate your efforts and willingness to try to find a solution.

 

So, if you don't mind, I'd suggest we close this topic.

 

Thanks and best regards,

 

Steve



#7 Gunto

    Bleepin' Reject Phoenix

  • Malware Response Team
  • 1,291 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 22 May 2015 - 12:36 AM

Hi,

 

Absolutely no problem! I'm just glad you could get it fixed. :) I hope you encounter no further issues.

 

Per user request, this topic is now closed. If you decide you'd rather continue, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.

 

Gunto






