Jump to content

Purrington666

Honorary Members
  • Posts

    112
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

4,622 profile views
  1. Gringo: I was able to resolve the issue. You may close this thread. Thank you for getting back to me.
  2. I appreciate your guidance and apologize for posting my inquiry at an incorrect forum. Thank you
  3. I hope this is the correct forum to post my inquiry. I recently ran "Hitman Pro" and got the following message: Suspicious File: C:\windows\system32\PerfStringBackup.INI Today I also ran "Combofix" and the report seems to indicate a potential problem with a "win32 infection. I have attached this report. Also when I run Malwarebytes Anti-Malware Premium while I appear not to be infected after the scan runs and I try to shut it down I keep getting a message that it is not "responding." Should I be worried about these? Thank you combo fix.txt
  4. I recently ran "Hitman Pro" and got the following message with a suspicious file. I also ran "Combofix" and the report seems to indicate a potential problem with a "win32 infection. I have attached this report. Should I be worried about these? HitmanPro 3.7.9.225www.hitmanpro.com Computer name . . . . : LEWIS-PC Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : Lewis-PC\Lewis UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2014-10-04 19:37:21 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 58s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 1 Objects scanned . . . : 1,672,948 Files scanned . . . . : 28,931 Remnants scanned . . : 256,507 files / 1,387,510 keys Suspicious files ____________________________________________________________ C:\windows\system32\PerfStringBackup.INI Size . . . . . . . : 7,052 bytes Age . . . . . . . : 1908.8 days (2009-07-14 01:13:15) Entropy . . . . . : 3.1 Thank youComboFix.txt
  5. I have performed all of the cleanup tasks you have suggested. Thank you for the preventative maintenance suggestions and for cleaning up my laptop.
  6. # AdwCleaner v3.215 - Report created 13/07/2014 at 13:32:44 # Updated 09/07/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Lewis - LEWIS-PC # Running from : C:\Users\Lewis\Downloads\adwcleaner_3.215.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R47].txt - [765 octets] - [09/07/2014 05:49:52] AdwCleaner[R48].txt - [831 octets] - [13/07/2014 13:31:11] AdwCleaner[s13].txt - [752 octets] - [13/07/2014 13:32:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s13].txt - [812 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Lewis on Sun 07/13/2014 at 13:37:57.66 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 07/13/2014 at 13:48:36.34 End of JRT log Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.0 Secunia PSI (3.0.0.9016) Java 7 Update 55 Java version out of Date! Adobe Reader XI Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Secure Backup SUpdateNotifier.exe Malwarebytes Anti-Exploit mbae-svc.exe Malwarebytes Anti-Malware mbamscheduler.exe Malwarebytes Secure Backup SAgent.Service.exe Malwarebytes Secure Backup mbsbscan.exe Malwarebytes Secure Backup SMessaging.exe Malwarebytes Anti-Exploit mbae.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log`````````````````````` May I ask three questions: 1. What was the difficulty with “Savings Bond Wizard” that made it necessary to remove it from my system? It is a tool from the U.S. Treasury Dept. to track Bond performance. 2. On the Farbar Fixlist it refers to: “C:\Users\James\AppData\.” Nobody by the name of James has ever been given access to my laptop? Should I be concerned that my laptop was hacked? 3. When I did the “ESET” scan I left the “Remove Threat Checkbox” un-ticked so the threat detected was not removed. It did not appear on the ADWCleaner scan. Should I run the “ESET” scan again and remove it? I greatly appreciate your help. Any further guidance you might have as to preventative measures I should take to avoid further issues will be greatly appreciated. Thank you.
  7. C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000202 a variant of Win32/CNETInstaller.B potentially unwanted application
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014 Ran by Lewis at 2014-07-11 05:16:13 Run:1 Running from C:\Users\Lewis\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR Extension: (CostMin) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp [2014-07-07] CHR Extension: (CostMin) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0 [2014-07-07] 2014-07-07 01:07 - 2014-07-07 01:07 - 00000000 ____D () C:\Program Files (x86)\predm 2014-07-07 01:04 - 2014-07-07 01:42 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-07-07 01:04 - 2014-07-07 01:09 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-07-07 01:04 - 2014-07-07 01:06 - 00000000 ____D () C:\ProgramData\d76b26a3592eb7d3 2014-07-07 01:04 - 2014-07-07 01:04 - 00003360 _____ () C:\Windows\System32\Tasks\EnergoTech Update 2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Torch 2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Packages 2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Comodo 2014-07-07 01:04 - 2014-07-07 01:04 - 00000000 ____D () C:\Users\James\AppData\Local\Chromatic Browser C:\Users\James\AppData\Local\Temp\51m1k2rz.slp.exe C:\Users\James\AppData\Local\Temp\heyu0n1f.eiu.exe C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe ***************** "C:\windows\system32\GroupPolicy\Machine" => File/Directory not found. C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp directory not found. C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainhfmdopfddiidepklclbmmlmkfmpkp\2.0 directory not found. "C:\Program Files (x86)\predm" => File/Directory not found. "C:\Program Files (x86)\SupTab" => File/Directory not found. "C:\ProgramData\ntuser.pol" => File/Directory not found. "C:\ProgramData\d76b26a3592eb7d3" => File/Directory not found. "C:\Windows\System32\Tasks\EnergoTech Update" => File/Directory not found. "C:\Users\James\AppData\Local\Torch" => File/Directory not found. "C:\Users\James\AppData\Local\Packages" => File/Directory not found. "C:\Users\James\AppData\Local\Comodo" => File/Directory not found. "C:\Users\James\AppData\Local\Chromatic Browser" => File/Directory not found. "C:\Users\James\AppData\Local\Temp\51m1k2rz.slp.exe" => File/Directory not found. "C:\Users\James\AppData\Local\Temp\heyu0n1f.eiu.exe" => File/Directory not found. "C:\Users\James\AppData\Local\Temp\repuh3f3.rox.exe" => File/Directory not found. ==== End of Fixlog ==== Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/11/2014 Scan Time: 5:18:31 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.11.03 Rootkit Database: v2014.07.09.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Lewis Scan Type: Threat Scan Result: Completed Objects Scanned: 286370 Time Elapsed: 10 min, 28 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  9. I just noticed that my post on the FRST Log did not post the entire text. I think it may have been to long for a single post. Below is the remainder to the FRST Log. I apologize for any inconvenience. 2014-06-09 10:56 - 2014-05-21 18:35 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-09 10:56 - 2014-05-21 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 00:56 ==================== End Of Log ============================
  10. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014 Ran by Lewis at 2014-07-09 17:51:58 Running from C:\Users\Lewis\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Avery Template - U_0087_01_PlateauLines_0805_01_en (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 1.0.0.0 - Avery) Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.) Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.) CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell) Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.) Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft) Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps) Dell Support Center (Version: 3.1.5907.23 - PC-Doctor, Inc.) Hidden Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.) Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.220 - SurfRight B.V.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT) Intel PROSet Wireless (Version: - ) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation) Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Malwarebytes Secure Backup (HKLM-x32\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC) Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 4.15 - ) <==== ATTENTION Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation) Zinio Alert Messenger (x32 Version: 4.0.2570 - Zinio LLC) Hidden Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden ==================== Restore Points ========================= 09-07-2014 08:52:18 After installing Advanced Uninstaller PRO 09-07-2014 16:58:43 Removed Cookienator 09-07-2014 18:26:59 Restore Operation ==================== Hosts content: ========================== 2009-07-13 22:34 - 2014-07-09 11:59 - 00000747 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {08E7F967-E580-4036-9B5D-7DE3012A294F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.) Task: {12608D99-FB59-406C-AB78-33DF23FD9F5D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {223A9C25-F81C-46EA-8C7D-4A79E134DC95} - System32\Tasks\{E0C02BB2-E10A-4787-843C-8DBE4BAFCF49} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2013-11-08] (Microsoft Corporation) Task: {2F7B0BC0-94B4-49D2-B8C8-051B3FE16248} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe Task: {3787A3F1-83A5-4EEB-9EF5-BC374252B921} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-02-07] (PC-Doctor, Inc.) Task: {386CB256-2524-461C-89F9-F258780F6178} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1422163307-3788927115-2030255185-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {3C0722CC-91F2-4A85-810C-700C5DF6B983} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.) Task: {690EF210-3C3E-4D7C-8419-520B39C6F4DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {7620479D-5519-4082-B9AA-B11D5DCE2782} - System32\Tasks\{B9F54019-5895-4C67-8889-5CF0FCC26592} => C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11] (Microsoft Corporation) Task: {920AAE2B-E31A-43AD-B711-CEFDA9303C9E} - System32\Tasks\Malwarebytes Secure Backup - devin104@primelink1.net => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [2014-03-19] (Malwarebytes Secure Backup) Task: {96F14597-6597-47ED-8DAB-3458EBF2B483} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1422163307-3788927115-2030255185-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {9AE1BB29-662F-4619-8070-ECD2E5FE9D7E} - System32\Tasks\Online Backup Update Notifier => C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe [2014-03-19] (Malwarebytes Secure Backup) Task: {C8A0B1EF-464E-430A-B8EA-4C9E1527B067} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.) Task: {DBE087F4-8B41-46B7-9017-DB78DC55353F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.) Task: {DEF5643B-367E-4A5A-B336-F79B1EF5DB7F} - System32\Tasks\{68313C00-F4BB-4305-8EEB-2FC4046E7DBD} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Malwarebytes Secure Backup - devin104@primelink1.net.job => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe Task: C:\windows\Tasks\Online Backup Update Notifier.job => C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe Task: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2012-03-03 16:50 - 2009-11-04 09:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00037272 ____C () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Contracts.CentralManagement.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00040344 ____C () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Utils.Rc.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00019864 ____C () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.Contracts.RemoteControl.dll 2014-03-19 14:25 - 2014-03-19 14:25 - 00035224 ____C () C:\Program Files (x86)\Malwarebytes Secure Backup\SOS.SharedEverywhere.dll 2012-01-05 01:41 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 ____C () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 00716616 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 00126280 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 04217672 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 00414536 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 01732424 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-13 05:04 - 2014-06-05 09:58 - 14612296 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AESTFilters => 3 MSCONFIG\Services: AMPPALR3 => 2 MSCONFIG\Services: Bluetooth Device Monitor => 3 MSCONFIG\Services: Bluetooth Media Service => 3 MSCONFIG\Services: Bluetooth OBEX Service => 3 MSCONFIG\Services: BTHSSecurityMgr => 3 MSCONFIG\Services: DellDigitalDelivery => 3 MSCONFIG\Services: dleaCATSCustConnectService => 2 MSCONFIG\Services: dlea_device => 2 MSCONFIG\Services: EvtEng => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hmpalertsvc => 2 MSCONFIG\Services: IAStorDataMgrSvc => 3 MSCONFIG\Services: LMS => 3 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MyWiFiDHCPDNS => 3 MSCONFIG\Services: RegSrvc => 2 MSCONFIG\Services: ReimageRealTimeProtection => 2 MSCONFIG\Services: sagentservice => 2 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: Secunia PSI Agent => 2 MSCONFIG\Services: SftService => 3 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: UNS => 3 MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp MSCONFIG\startupreg: Dell V310-V510 Series => "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: SMessaging => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe MSCONFIG\startupreg: SOSUAUI => "C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe" -showui MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot ==================== Faulty Device Manager Devices ============= Name: avast! Firewall NDIS Filter Miniport #2 Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: avast! Firewall NDIS Filter Miniport #10 Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (07/09/2014 04:21:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (07/09/2014 03:57:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (07/09/2014 03:54:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:40:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (07/09/2014 02:35:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:34:54 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070005. Error: (07/09/2014 02:31:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:30:53 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: An unspecified error occurred during System Restore: (Removed Cookienator). Additional information: 0x80070005. Error: (07/09/2014 00:47:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (07/09/2014 00:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/09/2014 00:39:12 PM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 00:29:13 PM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 00:23:51 PM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 00:23:45 PM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 05:38:53 AM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 05:38:47 AM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Error: (07/09/2014 05:34:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (07/09/2014 05:34:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473536. Error: (07/09/2014 05:33:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (07/09/2014 04:11:44 AM) (Source: DCOM) (EventID: 10016) (User: Lewis-PC) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lewis-PCLewisS-1-5-21-1422163307-3788927115-2030255185-1000LocalHost (Using LRPC) Microsoft Office Sessions: ========================= Error: (07/09/2014 04:21:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: 160000000011B9000011B90000980B0000 Error: (07/09/2014 03:57:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: 160000000011B9000011B90000980B0000 Error: (07/09/2014 03:54:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:40:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: 160000000011B9000011B90000980B0000 Error: (07/09/2014 02:35:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:34:54 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Restore Operation0x80070005 Error: (07/09/2014 02:31:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/09/2014 02:30:53 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Removed Cookienator0x80070005 Error: (07/09/2014 00:47:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: 160000000011B9000011B90000980B0000 Error: (07/09/2014 00:42:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-07-09 03:32:09.990 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-09 03:32:09.912 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-06-08 19:50:55.953 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-06-08 19:50:55.912 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-22 04:54:18.637 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-22 04:19:51.325 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-21 23:42:56.830 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-21 23:31:50.279 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-21 23:19:24.267 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-21 17:15:08.631 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 6051.18 MB Available physical RAM: 3228.11 MB Total Pagefile: 12100.54 MB Available Pagefile: 8936.95 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:407.71 GB) NTFS Drive e: () (Removable) (Total:3.73 GB) (Free:1.24 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BDFF1CAD) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  11. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014 Ran by Lewis (administrator) on LEWIS-PC on 09-07-2014 17:50:54 Running from C:\Users\Lewis\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Secure Backup\mbsbscan.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [sOSUAUI] => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [sMessaging] => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks) HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION HKLM Group Policy restriction on software: *‮* <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: 4SyncOverlay1 -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll (New IT Solutions Ltd) ShellIconOverlayIdentifiers: 4SyncOverlay2 -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll (New IT Solutions Ltd) ShellIconOverlayIdentifiers: 4SyncOverlay3 -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll (New IT Solutions Ltd) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - No File BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: https://www.yahoo.com/ CHR StartupUrls: "hxxp://www.yahoo.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09] CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-09] CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-09] CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09] CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-07-09] CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2014-07-09] CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-07-09] CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-09] CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S4 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed] S4 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed] S4 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed] S4 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed] S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] () S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( ) S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( ) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-08] (SurfRight B.V.) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 sagentservice; C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC) S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () [File not signed] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-08] (Emsisoft GmbH) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] () R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Lewis\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-09 17:50 - 2014-07-09 17:51 - 00027972 _____ () C:\Users\Lewis\Downloads\FRST.txt 2014-07-09 17:50 - 2014-07-09 17:50 - 00000000 ___DC () C:\FRST 2014-07-09 17:49 - 2014-07-09 17:49 - 02084352 _____ (Farbar) C:\Users\Lewis\Downloads\FRST64.exe 2014-07-09 17:49 - 2014-07-09 17:49 - 00001447 _____ () C:\Users\Lewis\Desktop\FRST64 - Shortcut.lnk 2014-07-09 11:18 - 2014-07-09 11:18 - 00003544 ____C () C:\bootsqm.dat 2014-07-09 06:39 - 2014-07-09 06:40 - 04501328 _____ (Systweak Inc ) C:\Users\Lewis\Downloads\rcp_dcomnew_util_728.exe 2014-07-09 05:51 - 2014-07-09 05:51 - 00000000 ___DC () C:\ProgramData\RogueKiller 2014-07-09 05:49 - 2014-07-09 12:08 - 00000000 ___DC () C:\AdwCleaner 2014-07-09 04:52 - 2014-07-09 04:52 - 00000000 ___DC () C:\ProgramData\Innovative Solutions 2014-07-09 04:52 - 2014-07-09 04:52 - 00000000 ____D () C:\Users\Lewis\AppData\Local\Innovative Solutions 2014-07-09 03:48 - 2014-07-09 03:48 - 00199753 _____ () C:\Users\Lewis\kavremvr 2014-07-09 03-48-23 (pid 1992).log 2014-07-09 03:47 - 2014-07-09 03:47 - 00198355 _____ () C:\Users\Lewis\kavremvr 2014-07-09 03-47-14 (pid 988).log 2014-07-09 03:26 - 2014-07-09 03:36 - 00000000 ___DC () C:\Qoobox 2014-07-09 03:26 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe 2014-07-09 03:26 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe 2014-07-09 03:26 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe 2014-07-09 03:26 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe 2014-07-09 01:41 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-07-09 01:41 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-07-09 01:41 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-09 01:41 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-07-09 01:41 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-09 01:41 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-09 01:41 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-07-09 01:41 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-07-09 01:41 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-07-09 01:41 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-09 01:40 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-07-09 01:40 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-07-09 01:40 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-07-09 01:40 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-07-09 01:40 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-07-09 01:40 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-07-09 01:40 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-07-09 01:40 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-07-09 01:40 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-07-09 01:40 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-07-09 01:40 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-07-09 01:40 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-07-09 01:40 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-07-09 01:40 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-07-09 01:40 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-07-09 01:40 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-07-09 01:40 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-07-09 01:40 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-07-09 01:40 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-07-09 01:40 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 01:40 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-07-09 01:40 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-07-09 01:40 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-07-09 01:40 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-07-09 01:40 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-07-09 01:40 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-07-09 01:40 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-07-09 01:40 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-07-09 01:40 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-07-09 01:40 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-07-09 01:40 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-07-09 01:40 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-07-09 01:40 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-07-09 01:40 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-07-09 01:40 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-07-09 01:40 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-07-09 01:40 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-07-09 01:40 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-07-09 01:40 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-07-09 01:40 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-07-09 01:40 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 01:40 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-07-09 01:40 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-07-09 01:40 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-07-09 01:40 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-07-09 01:40 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-07-09 01:40 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-07-09 01:40 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-07-09 01:40 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-07-09 01:40 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-07-09 01:40 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-07-09 01:40 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-07-09 01:40 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-07-09 01:40 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-07-09 01:40 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-07-09 01:40 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-07-09 01:40 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-09 01:40 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-07-09 01:40 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-07-08 12:21 - 2014-07-08 12:31 - 00000000 ___DC () C:\EEK 2014-07-08 10:57 - 2014-07-08 10:57 - 02347384 _____ (ESET) C:\Users\Lewis\Downloads\esetsmartinstaller_enu.exe 2014-07-08 10:34 - 2014-07-08 10:34 - 00030336 _____ () C:\windows\system32\Drivers\TrueSight.sys 2014-07-08 04:59 - 2014-07-08 05:00 - 109621496 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\msert.exe 2014-07-08 04:45 - 2014-07-09 11:51 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys 2014-07-08 00:01 - 2014-07-08 00:01 - 00000000 ___DC () C:\Program Files (x86)\ESET 2014-07-02 07:31 - 2014-04-11 11:10 - 00000870 _____ () C:\Users\Lewis\Documents\Savings Bond Wizard.lnk 2014-06-30 05:48 - 2014-06-30 05:48 - 00001435 _____ () C:\Users\Lewis\Desktop\Shamdasani - The Boundless Expanse sm - Shortcut.lnk 2014-06-25 15:47 - 2014-06-25 15:47 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2014-06-18 15:17 - 2014-06-18 15:18 - 00000000 ____D () C:\Users\Lewis\AppData\Local\calibre-cache 2014-06-18 15:15 - 2014-06-18 15:18 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\calibre 2014-06-18 14:01 - 2014-06-18 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-06-17 19:45 - 2014-07-09 06:15 - 00003246 _____ () C:\windows\System32\Tasks\Trojan Killer 2014-06-17 08:22 - 2014-06-17 08:22 - 12881523 _____ () C:\Users\Lewis\Downloads\blog-06-17-2014.xml 2014-06-16 05:12 - 2014-06-18 14:01 - 10971424 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe 2014-06-16 05:12 - 2014-06-16 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-06-16 05:11 - 2014-06-16 05:12 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-06-15 18:54 - 2014-07-09 05:08 - 00006306 _____ () C:\windows\PFRO.log 2014-06-15 18:35 - 2014-06-15 18:52 - 00000000 ___DC () C:\Program Files (x86)\Amazon 2014-06-15 18:23 - 2014-06-15 18:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Lewis\Downloads\mbar-1.07.0.1012.exe 2014-06-15 16:46 - 2014-07-09 15:52 - 00008064 _____ () C:\windows\setupact.log 2014-06-15 16:46 - 2014-06-15 16:46 - 00000000 _____ () C:\windows\setuperr.log 2014-06-13 16:43 - 2014-06-13 16:43 - 00090202 _____ () C:\Users\Lewis\Downloads\09Jan2014 DEPTH PSYCHOLOGY RESOURCES - MASTER LIST (JAN-9) (3).xlsx 2014-06-11 03:55 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-06-11 03:55 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll 2014-06-11 03:55 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2014-06-11 03:55 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll 2014-06-11 03:55 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-06-11 03:55 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 03:55 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll 2014-06-11 03:55 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-06-11 03:55 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll 2014-06-11 03:55 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-06-11 03:55 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll 2014-06-11 03:55 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2014-06-11 03:55 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll 2014-06-11 03:55 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2014-06-09 16:15 - 2014-06-09 10:56 - 00001108 _____ () C:\Users\Lewis\Documents\Malwarebytes Anti-Malware.lnk 2014-06-09 10:56 - 2014-06-09 10:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk ==================== One Month Modified Files and Folders ======= 2014-07-09 17:51 - 2014-07-09 17:50 - 00027972 _____ () C:\Users\Lewis\Downloads\FRST.txt 2014-07-09 17:50 - 2014-07-09 17:50 - 00000000 ___DC () C:\FRST 2014-07-09 17:49 - 2014-07-09 17:49 - 02084352 _____ (Farbar) C:\Users\Lewis\Downloads\FRST64.exe 2014-07-09 17:49 - 2014-07-09 17:49 - 00001447 _____ () C:\Users\Lewis\Desktop\FRST64 - Shortcut.lnk 2014-07-09 17:47 - 2014-02-11 18:38 - 01464903 _____ () C:\windows\WindowsUpdate.log 2014-07-09 17:25 - 2013-10-04 05:48 - 00000000 ____D () C:\Users\Lewis\Documents\Outlook Files 2014-07-09 17:25 - 2013-07-09 19:36 - 48658944 ___SH () C:\Users\Lewis\Desktop\Thumbs.db 2014-07-09 17:16 - 2014-05-21 19:46 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-09 17:03 - 2014-03-11 17:39 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-09 16:02 - 2014-03-08 13:50 - 00000490 _____ () C:\windows\Tasks\Online Backup Update Notifier.job 2014-07-09 16:00 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-09 16:00 - 2009-07-14 00:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-09 15:53 - 2012-01-05 01:50 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-07-09 15:53 - 2012-01-05 01:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-07-09 15:53 - 2012-01-05 01:41 - 00000000 ___DC () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-07-09 15:52 - 2014-06-15 16:46 - 00008064 _____ () C:\windows\setupact.log 2014-07-09 15:52 - 2014-03-11 17:39 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-09 15:52 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-09 14:33 - 2012-03-02 16:56 - 00000000 ____D () C:\Users\Lewis 2014-07-09 14:33 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration 2014-07-09 12:51 - 2014-03-08 13:52 - 00000530 _____ () C:\windows\Tasks\Malwarebytes Secure Backup - devin104@primelink1.net.job 2014-07-09 12:18 - 2014-02-20 06:43 - 00000000 ____D () C:\Users\Lewis\AppData\Local\CrashDumps 2014-07-09 12:08 - 2014-07-09 05:49 - 00000000 ___DC () C:\AdwCleaner 2014-07-09 11:51 - 2014-07-08 04:45 - 00029160 _____ () C:\windows\SysWOW64\Drivers\TrueSight.sys 2014-07-09 11:18 - 2014-07-09 11:18 - 00003544 ____C () C:\bootsqm.dat 2014-07-09 06:40 - 2014-07-09 06:39 - 04501328 _____ (Systweak Inc ) C:\Users\Lewis\Downloads\rcp_dcomnew_util_728.exe 2014-07-09 06:15 - 2014-06-17 19:45 - 00003246 _____ () C:\windows\System32\Tasks\Trojan Killer 2014-07-09 05:51 - 2014-07-09 05:51 - 00000000 ___DC () C:\ProgramData\RogueKiller 2014-07-09 05:33 - 2012-03-02 17:31 - 00000000 ____D () C:\Users\Lewis\AppData\Local\Apps\2.0 2014-07-09 05:12 - 2012-03-02 18:08 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\Skype 2014-07-09 05:12 - 2012-03-02 17:48 - 00000000 ____D () C:\Users\Lewis\AppData\Local\Microsoft Help 2014-07-09 05:12 - 2012-01-05 01:08 - 00000000 ___DC () C:\Intel 2014-07-09 05:12 - 2011-02-23 09:08 - 00000000 ____D () C:\windows\Panther 2014-07-09 05:12 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default 2014-07-09 05:08 - 2014-06-15 18:54 - 00006306 _____ () C:\windows\PFRO.log 2014-07-09 04:54 - 2012-01-05 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL 2014-07-09 04:52 - 2014-07-09 04:52 - 00000000 ___DC () C:\ProgramData\Innovative Solutions 2014-07-09 04:52 - 2014-07-09 04:52 - 00000000 ____D () C:\Users\Lewis\AppData\Local\Innovative Solutions 2014-07-09 04:44 - 2014-01-14 11:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-09 03:48 - 2014-07-09 03:48 - 00199753 _____ () C:\Users\Lewis\kavremvr 2014-07-09 03-48-23 (pid 1992).log 2014-07-09 03:47 - 2014-07-09 03:47 - 00198355 _____ () C:\Users\Lewis\kavremvr 2014-07-09 03-47-14 (pid 988).log 2014-07-09 03:41 - 2014-05-18 08:08 - 00000000 ___DC () C:\found.000 2014-07-09 03:36 - 2014-07-09 03:26 - 00000000 ___DC () C:\Qoobox 2014-07-09 03:32 - 2009-07-13 22:34 - 00000215 ____C () C:\windows\system.ini 2014-07-09 03:26 - 2014-01-14 08:54 - 00000000 ____D () C:\windows\erdnt 2014-07-09 03:09 - 2009-07-14 00:45 - 00416688 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-09 03:07 - 2014-05-06 05:36 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-07-09 03:07 - 2012-03-02 17:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-09 03:07 - 2012-01-05 02:57 - 00000000 ___DC () C:\Program Files\Windows Journal 2014-07-09 03:07 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism 2014-07-09 03:07 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism 2014-07-09 03:05 - 2013-08-13 19:55 - 00000000 ____D () C:\windows\system32\MRT 2014-07-09 03:03 - 2012-03-04 03:42 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 01:45 - 2012-01-05 01:22 - 00000000 ____D () C:\ProgramData\Temp 2014-07-08 19:16 - 2009-07-14 01:08 - 00032616 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-07-08 16:47 - 2014-01-28 18:50 - 00000000 ___DC () C:\Program Files (x86)\SpywareBlaster 2014-07-08 15:17 - 2012-03-02 17:00 - 00000000 ____D () C:\Users\Lewis\AppData\Local\VirtualStore 2014-07-08 12:31 - 2014-07-08 12:21 - 00000000 ___DC () C:\EEK 2014-07-08 10:57 - 2014-07-08 10:57 - 02347384 _____ (ESET) C:\Users\Lewis\Downloads\esetsmartinstaller_enu.exe 2014-07-08 10:34 - 2014-07-08 10:34 - 00030336 _____ () C:\windows\system32\Drivers\TrueSight.sys 2014-07-08 05:00 - 2014-07-08 04:59 - 109621496 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\msert.exe 2014-07-08 00:01 - 2014-07-08 00:01 - 00000000 ___DC () C:\Program Files (x86)\ESET 2014-07-02 16:45 - 2014-05-22 04:33 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys 2014-06-30 05:48 - 2014-06-30 05:48 - 00001435 _____ () C:\Users\Lewis\Desktop\Shamdasani - The Boundless Expanse sm - Shortcut.lnk 2014-06-29 22:09 - 2014-07-09 01:41 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-06-29 22:04 - 2014-07-09 01:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-06-25 15:47 - 2014-06-25 15:47 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2014-06-23 05:40 - 2014-03-03 12:02 - 00000000 ___DC () C:\Program Files\Sandboxie 2014-06-23 05:40 - 2014-03-03 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2014-06-23 03:58 - 2014-03-11 17:39 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-23 03:58 - 2014-03-11 17:39 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-20 16:14 - 2014-07-09 01:40 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-06-20 15:39 - 2014-07-09 01:40 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-06-18 21:39 - 2014-07-09 01:40 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-06-18 21:06 - 2014-07-09 01:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-06-18 21:06 - 2014-07-09 01:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-06-18 20:48 - 2014-07-09 01:40 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-06-18 20:42 - 2014-07-09 01:40 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-06-18 20:42 - 2014-07-09 01:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-06-18 20:41 - 2014-07-09 01:40 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-06-18 20:41 - 2014-07-09 01:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-06-18 20:32 - 2014-07-09 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-06-18 20:31 - 2014-07-09 01:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-06-18 20:26 - 2014-07-09 01:40 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-06-18 20:24 - 2014-07-09 01:40 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-06-18 20:24 - 2014-07-09 01:40 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-06-18 20:23 - 2014-07-09 01:40 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-06-18 20:16 - 2014-07-09 01:40 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-06-18 20:14 - 2014-07-09 01:40 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-06-18 20:09 - 2014-07-09 01:40 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-06-18 19:59 - 2014-07-09 01:40 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-06-18 19:56 - 2014-07-09 01:40 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-06-18 19:53 - 2014-07-09 01:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-06-18 19:51 - 2014-07-09 01:40 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-06-18 19:50 - 2014-07-09 01:40 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-06-18 19:48 - 2014-07-09 01:40 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-06-18 19:39 - 2014-07-09 01:40 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-06-18 19:38 - 2014-07-09 01:40 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-06-18 19:37 - 2014-07-09 01:40 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-06-18 19:36 - 2014-07-09 01:40 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-06-18 19:35 - 2014-07-09 01:40 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-06-18 19:33 - 2014-07-09 01:40 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-06-18 19:32 - 2014-07-09 01:40 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-06-18 19:28 - 2014-07-09 01:40 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-06-18 19:28 - 2014-07-09 01:40 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-06-18 19:27 - 2014-07-09 01:40 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-06-18 19:27 - 2014-07-09 01:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-06-18 19:25 - 2014-07-09 01:40 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-06-18 19:23 - 2014-07-09 01:40 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-06-18 19:22 - 2014-07-09 01:40 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-06-18 19:12 - 2014-07-09 01:40 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-06-18 19:06 - 2014-07-09 01:40 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-18 19:01 - 2014-07-09 01:40 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-06-18 18:59 - 2014-07-09 01:40 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-06-18 18:58 - 2014-07-09 01:40 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-06-18 18:58 - 2014-07-09 01:40 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-06-18 18:52 - 2014-07-09 01:40 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-06-18 18:51 - 2014-07-09 01:40 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-06-18 18:49 - 2014-07-09 01:40 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-06-18 18:46 - 2014-07-09 01:40 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-06-18 18:45 - 2014-07-09 01:40 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-06-18 18:35 - 2014-07-09 01:40 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-06-18 18:34 - 2014-07-09 01:40 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-06-18 18:15 - 2014-07-09 01:40 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-06-18 18:13 - 2014-07-09 01:40 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-06-18 18:09 - 2014-07-09 01:40 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-06-18 18:07 - 2014-07-09 01:40 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-06-18 15:18 - 2014-06-18 15:17 - 00000000 ____D () C:\Users\Lewis\AppData\Local\calibre-cache 2014-06-18 15:18 - 2014-06-18 15:15 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\calibre 2014-06-18 14:01 - 2014-06-18 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-06-18 14:01 - 2014-06-16 05:12 - 10971424 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe 2014-06-18 14:01 - 2014-02-15 06:22 - 00000000 ___DC () C:\ProgramData\HitmanPro 2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2014-06-17 22:18 - 2014-07-09 01:41 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-06-17 21:51 - 2014-07-09 01:41 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-06-17 21:10 - 2014-07-09 01:41 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-06-17 08:22 - 2014-06-17 08:22 - 12881523 _____ () C:\Users\Lewis\Downloads\blog-06-17-2014.xml 2014-06-16 05:12 - 2014-06-16 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-06-16 05:12 - 2014-06-16 05:11 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-06-16 05:12 - 2014-02-19 06:17 - 00000000 ___DC () C:\ProgramData\Malwarebytes 2014-06-15 18:52 - 2014-06-15 18:35 - 00000000 ___DC () C:\Program Files (x86)\Amazon 2014-06-15 18:39 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Resources 2014-06-15 18:23 - 2014-06-15 18:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Lewis\Downloads\mbar-1.07.0.1012.exe 2014-06-15 18:21 - 2014-04-22 09:23 - 00000000 ___DC () C:\Program Files (x86)\LastPass 2014-06-15 16:46 - 2014-06-15 16:46 - 00000000 _____ () C:\windows\setuperr.log 2014-06-14 23:56 - 2014-04-22 09:23 - 00000000 ____D () C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass 2014-06-14 23:56 - 2014-04-22 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass 2014-06-14 14:40 - 2012-03-10 19:13 - 00000000 ___DC () C:\Program Files\CCleaner 2014-06-13 16:43 - 2014-06-13 16:43 - 00090202 _____ () C:\Users\Lewis\Downloads\09Jan2014 DEPTH PSYCHOLOGY RESOURCES - MASTER LIST (JAN-9) (3).xlsx 2014-06-13 15:29 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache 2014-06-11 07:55 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2014-06-09 10:56 - 2014-06-09 16:15 - 00001108 _____ () C:\Users\Lewis\Documents\Malwarebytes Anti-Malware.lnk 2014-06-09 10:56 - 2014-06-09 10:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-09 10:56 - 2014-05-21 18:35 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-09 10:56 - 2014-05-21 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
  12. aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software Run date: 2014-07-09 17:55:44 ----------------------------- 17:55:44.066 OS Version: Windows x64 6.1.7601 Service Pack 1 17:55:44.067 Number of processors: 4 586 0x2A07 17:55:44.068 ComputerName: LEWIS-PC UserName: Lewis 17:55:45.554 Initialize success 17:55:45.756 VM: initialized successfully 17:55:45.780 VM: Intel CPU supported 17:55:58.685 VM: supported disk I/O iaStor.sys 17:57:08.303 AVAST engine defs: 14070900 17:57:08.650 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 17:57:08.657 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3 17:57:09.071 VM: Disk 0 MBR read successfully 17:57:09.079 Disk 0 MBR scan 17:57:09.185 Disk 0 Windows 7 default MBR code 17:57:09.209 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048 17:57:09.241 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848 17:57:09.252 Disk 0 Boot: NTFS code=1 17:57:09.307 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848 17:57:09.509 Disk 0 scanning C:\windows\system32\drivers 17:57:35.200 Service scanning 17:58:26.331 Modules scanning 17:58:26.347 Disk 0 trace - called modules: 17:58:26.373 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 17:58:26.387 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f63060] 17:58:26.400 3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> [0xfffffa800591ba10] 17:58:26.413 5 ACPI.sys[fffff88000d7d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005923050] 17:58:27.951 AVAST engine scan C:\windows 17:58:34.996 AVAST engine scan C:\windows\system32 18:04:49.494 AVAST engine scan C:\windows\system32\drivers 18:05:15.886 AVAST engine scan C:\Users\Lewis 18:05:56.936 Scan stopped 18:07:43.219 Disk 0 MBR has been saved successfully to "C:\Users\Lewis\Desktop\MBR.dat" 18:07:43.225 The log file has been saved successfully to "C:\Users\Lewis\Desktop\aswMBR.txt"
  13. For the last three days my laptop is moving at an increasingly slower pace when attempting to open various pages on the internet. I have run Malwarebytes Pro, Microsoft Security Essentials [Full Scan], Microsoft Security Scanner, etc. and cannot find any Malware detected but still my laptop is moving slower and slower. Is there a diagnostic test that I can run to help determine what the source of this issue might be? I am using a Dell 5110; 64 bit operating system, Windows 7 Home Premium Thank you
  14. I have a very general question about the new Premium Version of Malwarebytes. The former version had choices such as Quick Scan, Full Scan, Custom Scan but the new version seems to have only the option to click on "Scan." Is this scan a Full Scan? if so, it is very much faster. Am I correct that this is the only option on the new version or am I missing something. I apologize for asking such a general question but I simply do not know. Thank you
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.