Mobogenie Infections

Purrington · July 4, 2015

My laptop began running slowly yesterday.

I ran several programs to see what it might be and when I ran Hitman Pro the results indicated I have a Mobogenie Infections an a couple of others.

I do not see Mobogenie listed as an installed program or download so I do not know how to find it and get rid of the pesky infection.

See Attached Screenshot.

I do not qualify for the free removal of infections by Hitman Pro so wanted to see if anyone here could assist me in removing it as well as to check if I have any other infections.

Thank you

kevinf80 · July 5, 2015

Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.

Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser.

Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser.

Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may or may not see this message box.

'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:

Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish. Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Let me see those logs in your reply....

Thank you,

Kevin...

Purrington · July 5, 2015

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 7/5/2015

Scan Time: 7:50:14 AM

Logfile:

Administrator: Yes

Version: 2.01.8.1057

Malware Database: v2015.07.05.02

Rootkit Database: v2015.07.03.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Lewis

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 375057

Time Elapsed: 24 min, 55 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015

Ran by Lewis (administrator) on LEWIS-PC on 05-07-2015 09:22:23

Running from C:\Users\Lewis\Desktop

Loaded Profiles: Lewis (Available Profiles: Lewis)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-04] (Avast Software s.r.o.)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621752 2015-06-29] (Malwarebytes Corporation)

HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION

HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-04] (Avast Software s.r.o.)

ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)

ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)

ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)

ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File

ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File

ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File

ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-04] (Avast Software s.r.o.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-04] (Avast Software s.r.o.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '

Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{2DB07389-E2D8-435C-8610-A2B4A482E18C}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{D29B769C-100A-4F38-A28B-84B9F81A6B26}: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2014-07-14] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-04]

Chrome:

=======

CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]

CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-04]

CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]

CHR Extension: (Google Cast) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-27]

CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-05-05]

CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]

CHR Extension: (Google Finance) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-29]

CHR Extension: (Click&Clean) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-29]

CHR Extension: (AdBlock) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-05]

CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-04]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-29]

CHR Extension: (Dropbox) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-29]

CHR Extension: (My Shareaholic) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagnaolanjedhkeiamdeidabdmdcofjl [2015-05-29]

CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-03-29]

CHR Extension: (Blogger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-05-29]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-28]

CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-02]

CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]

CHR Extension: (Click&Clean App) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-29]

CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]

CHR Extension: (Facebook Translate) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2015-05-05]

CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-31]

CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-04] (Avast Software s.r.o.)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-04] (Avast Software)

S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()

S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )

S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )

S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [712504 2015-06-29] (Malwarebytes Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-04] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-04] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-04] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-04] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-04] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-04] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-04] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-04] ()

R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-04] (Emsisoft GmbH)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-06-29] ()

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)

S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-07-05] ()

S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-05] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-05] ()

U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-04] (Avast Software)

S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]

S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]

S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 09:22 - 2015-07-05 09:22 - 00033730 _____ C:\Users\Lewis\Desktop\FRST.txt

2015-07-05 09:18 - 2015-07-05 09:18 - 02112512 _____ (Farbar) C:\Users\Lewis\Desktop\FRST64.exe

2015-07-05 07:00 - 2015-07-05 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2015-07-05 06:41 - 2015-07-05 06:41 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Exploit

2015-07-05 06:40 - 2015-07-05 06:41 - 03067496 _____ (Malwarebytes ) C:\Users\Lewis\Downloads\mbae-setup-1.07.1.1010.exe

2015-07-05 06:14 - 2015-07-05 06:30 - 00043664 _____ C:\windows\system32\Drivers\hitmanpro37.sys

2015-07-05 06:05 - 2015-07-05 07:01 - 00000280 _____ C:\windows\setupact.log

2015-07-05 06:05 - 2015-07-05 06:05 - 00000000 _____ C:\windows\setuperr.log

2015-07-05 05:26 - 2015-07-05 05:17 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts.20150705-052636.backup

2015-07-05 05:20 - 2015-07-05 06:10 - 00003988 _____ C:\windows\PFRO.log

2015-07-05 05:13 - 2015-07-05 08:52 - 00010676 _____ C:\windows\WindowsUpdate.log

2015-07-05 05:01 - 2015-07-05 05:06 - 12908872 _____ C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio_setup.exe

2015-07-05 04:39 - 2015-07-05 04:39 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2015-07-05 04:39 - 2015-07-05 04:39 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2015-07-05 04:39 - 2015-07-05 04:39 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

2015-07-05 04:31 - 2015-07-05 04:31 - 00000000 ___DC C:\TDSSKiller_Quarantine

2015-07-04 18:31 - 2015-07-04 18:33 - 02952814 _____ (Malwarebytes Corporation) C:\Users\Lewis\Downloads\JRT (1).exe

2015-07-04 18:16 - 2015-07-04 18:16 - 00021943 ____C C:\ComboFix.txt

2015-07-04 17:52 - 2015-07-05 06:10 - 00000085 _____ C:\windows\wininit.ini

2015-07-04 17:45 - 2015-07-04 17:45 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\AVAST Software

2015-07-04 17:44 - 2015-07-04 17:44 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update

2015-07-04 17:44 - 2015-07-04 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-07-04 17:43 - 2015-07-04 17:44 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys

2015-07-04 17:43 - 2015-07-04 17:43 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys

2015-07-04 17:43 - 2015-07-04 17:43 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe

2015-07-04 17:43 - 2015-07-04 17:43 - 00272248 _____ C:\windows\system32\Drivers\aswVmm.sys

2015-07-04 17:43 - 2015-07-04 17:43 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys

2015-07-04 17:43 - 2015-07-04 17:43 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys

2015-07-04 17:43 - 2015-07-04 17:43 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys

2015-07-04 17:43 - 2015-07-04 17:43 - 00065736 _____ C:\windows\system32\Drivers\aswRvrt.sys

2015-07-04 17:43 - 2015-07-04 17:43 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr

2015-07-04 17:43 - 2015-07-04 17:43 - 00029168 _____ C:\windows\system32\Drivers\aswHwid.sys

2015-07-04 17:33 - 2015-07-04 17:34 - 00791393 _____ (Lars Hederer ) C:\Users\Lewis\Downloads\erunt-setup.exe

2015-07-04 17:29 - 2015-07-04 17:29 - 00305640 _____ C:\Users\Lewis\Documents\cc_20150704_172927.reg

2015-07-04 16:30 - 2015-07-04 16:58 - 17853688 _____ C:\Users\Lewis\Downloads\RogueKiller.exe

2015-07-04 16:29 - 2015-07-04 16:34 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Lewis\Downloads\avast_free_antivirus_setup_online_softonic (1).exe

2015-07-04 16:03 - 2015-07-04 16:03 - 00000000 ___DC C:\Program Files\AVAST Software

2015-07-04 15:33 - 2015-07-05 05:40 - 00000000 ___DC C:\EEK

2015-07-04 15:33 - 2015-07-04 00:14 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys

2015-07-04 14:57 - 2015-07-04 17:24 - 00000000 ___DC C:\ProgramData\MFAData

2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\MFAData

2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\Avg2015

2015-07-04 14:45 - 2015-07-04 14:45 - 00000000 ____D C:\Users\Lewis\Downloads\ccsetup505

2015-07-04 14:42 - 2015-07-04 14:44 - 06433386 _____ C:\Users\Lewis\Downloads\ccsetup505.zip

2015-07-04 14:12 - 2015-07-04 14:52 - 00000000 ___DC C:\ProgramData\HitmanPro

2015-07-04 13:55 - 2015-07-04 14:26 - 11032736 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe

2015-07-04 13:10 - 2015-07-05 06:34 - 00000000 ___DC C:\ProgramData\Sophos

2015-07-04 12:20 - 2015-07-04 12:19 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122041.backup

2015-07-04 11:08 - 2015-06-21 13:32 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150704-110847.backup

2015-07-04 09:25 - 2015-07-04 09:29 - 02244096 _____ C:\Users\Lewis\Downloads\AdwCleaner.exe

2015-06-20 08:27 - 2015-07-05 04:57 - 00000574 _____ C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job

2015-06-19 18:39 - 2015-06-19 18:39 - 00106521 _____ C:\Users\Lewis\Downloads\carljungdepthpsychology-wordpress-com-2015-06-19-22_38_09-gxtxrwiq4xt7baeujswmik1txwa1rjh4.zip

2015-06-19 09:17 - 2015-07-04 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart

2015-06-19 09:17 - 2015-06-19 09:17 - 00001973 _____ C:\Users\Public\Desktop\BookSmart.lnk

2015-06-19 06:34 - 2015-06-21 16:57 - 00000000 ____D C:\Users\Lewis\.blurb

2015-06-19 06:34 - 2015-06-19 06:35 - 00000000 ____D C:\Users\Lewis\Documents\BookSmartData

2015-06-19 06:33 - 2015-06-19 09:17 - 00000000 ___DC C:\Program Files (x86)\BookSmart

2015-06-14 12:41 - 2015-06-14 12:41 - 00417064 _____ () C:\Users\Lewis\Downloads\DellSystemDetect.exe

2015-06-12 16:58 - 2015-07-05 05:13 - 00780814 _____ C:\windows\SysWOW64\PerfStringBackup.INI

2015-06-12 16:14 - 2015-06-12 16:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lewis\Downloads\rkill64.exe

2015-06-10 05:05 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-06-10 05:05 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-06-10 05:05 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2015-06-10 05:05 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll

2015-06-10 05:05 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll

2015-06-10 05:05 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll

2015-06-10 05:05 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-06-10 05:05 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe

2015-06-10 05:05 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2015-06-10 05:05 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2015-06-10 05:05 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2015-06-10 05:05 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe

2015-06-10 05:05 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

2015-06-10 05:05 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2015-06-10 05:05 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2015-06-10 05:05 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll

2015-06-10 05:05 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2015-06-10 05:05 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

2015-06-10 05:04 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-06-10 05:04 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2015-06-10 05:04 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll

2015-06-10 05:04 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2015-06-10 05:04 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2015-06-10 05:04 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-06-10 05:03 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-06-10 05:03 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2015-06-10 05:03 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-06-10 05:03 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2015-06-10 05:03 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2015-06-10 05:03 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2015-06-10 05:03 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2015-06-10 05:03 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2015-06-10 05:03 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2015-06-10 05:03 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec

2015-06-10 05:03 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2015-06-10 05:03 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2015-06-10 05:03 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2015-06-10 05:03 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2015-06-10 05:03 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2015-06-10 05:03 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2015-06-10 05:03 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2015-06-10 05:03 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2015-06-10 05:03 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2015-06-10 05:03 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-06-10 05:03 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2015-06-10 05:03 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2015-06-10 05:03 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2015-06-10 05:03 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2015-06-10 05:03 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2015-06-10 05:03 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2015-06-10 05:03 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2015-06-10 05:03 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2015-06-10 05:03 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2015-06-10 05:03 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2015-06-10 05:03 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2015-06-10 05:03 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-06-10 05:03 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-06-10 05:03 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-06-10 05:03 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-06-10 05:03 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-06-10 05:03 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec

2015-06-10 05:03 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-06-10 05:03 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-06-10 05:03 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-06-10 05:03 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-06-10 05:03 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-06-10 05:03 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-06-10 05:03 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2015-06-10 05:03 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-06-10 05:03 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-06-10 05:03 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-06-10 05:03 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-06-10 05:03 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-06-10 05:03 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-06-10 05:03 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-06-10 05:03 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-06-10 05:03 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-06-10 05:03 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-06-10 05:03 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-06-10 05:03 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-06-10 05:03 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-06-10 05:03 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-06-10 05:03 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-06-10 05:03 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-06-10 05:03 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-06-10 05:03 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll

2015-06-10 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll

2015-06-10 05:03 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys

2015-06-09 05:56 - 2015-06-09 05:56 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast

2015-06-09 05:55 - 2015-06-09 05:55 - 00931408 _____ (Google Inc.) C:\Users\Lewis\Downloads\chromecastinstaller.exe

2015-06-06 05:48 - 2015-06-05 11:26 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150606-054841.backup

2015-06-06 05:47 - 2015-07-05 06:10 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-06-06 05:47 - 2015-07-05 04:39 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy

2015-06-05 11:30 - 2015-06-05 11:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lewis\Downloads\tdsskiller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 09:22 - 2015-04-07 12:23 - 00000000 ___DC C:\FRST

2015-07-05 09:19 - 2015-02-17 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-07-05 09:14 - 2013-10-04 05:48 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files

2015-07-05 08:55 - 2015-01-16 14:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job

2015-07-05 08:34 - 2014-03-11 17:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-05 08:34 - 2014-03-11 17:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-05 07:11 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-05 07:11 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-05 07:08 - 2014-12-17 08:02 - 00000000 ___DC C:\AdwCleaner

2015-07-05 07:06 - 2015-05-26 06:30 - 00780814 _____ C:\windows\system32\PerfStringBackup.INI

2015-07-05 07:04 - 2015-01-18 19:28 - 00000000 ___DC C:\ProgramData\Malwarebytes Anti-Exploit

2015-07-05 07:01 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2015-07-05 06:34 - 2014-12-25 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2015-07-05 06:34 - 2014-01-10 02:43 - 00000000 ___DC C:\ProgramData\InstallMate

2015-07-05 06:08 - 2012-03-02 16:57 - 00109296 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT

2015-07-05 06:05 - 2009-07-14 01:08 - 00032592 _____ C:\windows\Tasks\SCHEDLGU.TXT

2015-07-05 05:21 - 2009-07-14 00:45 - 00412120 _____ C:\windows\system32\FNTCACHE.DAT

2015-07-05 05:17 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini

2015-07-05 04:48 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_170

2015-07-05 04:41 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp

2015-07-05 04:38 - 2014-07-08 10:34 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys

2015-07-05 03:14 - 2014-03-08 19:29 - 00000000 ___RD C:\Users\Lewis\Google Drive

2015-07-04 18:49 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.0

2015-07-04 18:16 - 2015-03-26 19:10 - 00000000 ___DC C:\Qoobox

2015-07-04 18:12 - 2009-07-13 22:34 - 00000215 ____C C:\windows\system.ini

2015-07-04 17:06 - 2009-07-13 22:34 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts.20150704-170937.backup

2015-07-04 16:01 - 2014-11-16 08:35 - 00000000 ___DC C:\ProgramData\AVAST Software

2015-07-04 15:59 - 2013-12-05 06:47 - 00002201 _____ C:\windows\epplauncher.mif

2015-07-04 14:57 - 2009-07-13 22:34 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts.20150704-163657.backup

2015-07-04 14:41 - 2014-01-14 08:54 - 00000000 ____D C:\windows\erdnt

2015-07-04 12:20 - 2009-07-13 22:34 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122500.backup

2015-07-04 12:04 - 2014-01-28 18:50 - 00000000 ___DC C:\Program Files (x86)\SpywareBlaster

2015-07-04 11:53 - 2014-12-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT

2015-07-04 11:08 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150704-121944.backup

2015-07-04 10:37 - 2015-03-28 06:48 - 00000000 ___DC C:\VIPRERESCUE

2015-07-04 08:51 - 2014-12-23 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

2015-07-04 08:47 - 2012-03-02 16:56 - 00000000 ____D C:\Users\Lewis

2015-07-04 08:46 - 2015-04-04 07:58 - 00000000 ___SD C:\windows\system32\GWX

2015-07-04 08:46 - 2015-03-29 15:59 - 00000000 ___DC C:\ProgramData\RogueKiller

2015-07-04 08:46 - 2015-03-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-07-04 08:46 - 2014-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-07-04 08:46 - 2014-01-15 13:42 - 00000000 ___DC C:\ProgramData\Licenses

2015-07-04 08:46 - 2012-12-08 18:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell

2015-07-04 08:46 - 2012-03-11 16:47 - 00000000 ____D C:\windows\pss

2015-07-04 08:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF

2015-07-04 08:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration

2015-07-04 08:43 - 2013-06-23 17:50 - 00000000 ___DC C:\Program Files (x86)\QuickTime

2015-07-04 08:42 - 2012-03-02 17:48 - 00000000 __RDC C:\MSOCache

2015-07-04 08:12 - 2014-10-05 04:11 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-06-28 02:33 - 2013-05-22 14:51 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apple Computer

2015-06-22 15:29 - 2013-12-27 13:59 - 00000000 ____D C:\Users\Lewis\Documents\Retirement

2015-06-21 09:55 - 2015-01-16 14:37 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job

2015-06-20 06:09 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_688

2015-06-17 12:28 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_54

2015-06-14 12:41 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Deployment

2015-06-12 16:22 - 2009-07-13 22:34 - 00000747 _____ C:\windows\system32\Drivers\etc\hosts_bak_258

2015-06-11 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache

2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser

2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel

2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions

2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT

2015-06-10 05:13 - 2012-03-04 03:42 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2015-06-06 15:40 - 2012-03-02 17:24 - 00000000 ____D C:\Temp

2015-06-06 06:01 - 2012-03-03 16:49 - 05868101 ____C C:\ProgramData\dleascan.log

2015-06-06 06:00 - 2012-03-03 18:02 - 01809566 ____C C:\ProgramData\dlea.log

2015-06-06 04:37 - 2014-10-04 05:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-06-05 17:04 - 2013-07-28 19:31 - 00000000 ____D C:\Users\Lewis\Documents\My Kindle Content

==================== Files in the root of some directories =======

2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-08-24 10:04 - 2014-11-13 08:40 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache

2013-08-24 10:05 - 2014-11-13 08:40 - 0655822 _____ () C:\Users\Lewis\AppData\Local\census.cache

2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache

2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg

2014-11-13 08:32 - 2014-11-13 08:32 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache

2012-03-03 18:02 - 2015-06-06 06:00 - 1809566 ____C () C:\ProgramData\dlea.log

2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C () C:\ProgramData\dleaJSW.log

2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log

Some files in TEMP:

====================

C:\Users\Lewis\AppData\Local\Temp\HitmanPro.exe

Some zero byte size files/folders:

==========================

C:\Windows\SysWOW64\CISVC.EXE

C:\Windows\SysWOW64\conhost.exe

C:\Windows\SysWOW64\csrss.exe

C:\Windows\SysWOW64\dwm.exe

C:\Windows\SysWOW64\lsass.exe

C:\Windows\SysWOW64\lsm.exe

C:\Windows\SysWOW64\services.exe

C:\Windows\SysWOW64\smss.exe

C:\Windows\SysWOW64\spoolsv.exe

C:\Windows\SysWOW64\taskhost.exe

C:\Windows\SysWOW64\winlogon.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-04 19:54

==================== End of log ============================

RogueKiller V10.8.7.0 [Jun 29 2015] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Lewis [Administrator]

Started from : C:\Users\Lewis\Downloads\RogueKiller.exe

Mode : Scan -- Date : 07/05/2015 09:36:26

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] afd3e18634a03cfc5f5cd4c7c7c1540f

[bSP] 2ec32c4dafc030881e2a9675b975a583 : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

============================================

RKreport_SCN_05122015_183040.log - RKreport_DEL_05122015_183111.log - RKreport_SCN_05222015_120319.log - RKreport_DEL_05222015_120346.log

RKreport_SCN_05262015_054655.log - RKreport_DEL_05262015_054721.log - RKreport_SCN_05272015_064243.log - RKreport_DEL_05272015_064344.log

RKreport_SCN_05272015_173421.log - RKreport_DEL_05272015_173455.log - RKreport_SCN_05282015_173824.log - RKreport_SCN_05282015_174102.log

RKreport_SCN_05312015_123349.log - RKreport_DEL_05312015_124801.log - RKreport_SCN_05312015_131027.log - RKreport_SCN_06012015_165806.log

RKreport_SCN_06052015_112549.log - RKreport_SCN_06092015_175855.log - RKreport_DEL_06092015_175938.log - RKreport_SCN_06102015_155009.log

RKreport_SCN_06122015_162140.log - RKreport_DEL_06122015_162209.log - RKreport_SCN_06162015_112855.log - RKreport_SCN_06172015_122756.log

RKreport_SCN_06212015_133144.log - RKreport_SCN_06242015_110930.log - RKreport_SCN_06252015_103717.log - RKreport_SCN_06272015_155331.log

RKreport_SCN_06292015_154110.log - RKreport_SCN_07042015_053135.log - RKreport_SCN_07042015_080641.log - RKreport_SCN_07042015_145726.log

RKreport_DEL_07042015_145803.log - RKreport_SCN_07042015_170619.log - RKreport_DEL_07042015_170640.log - RKreport_SCN_07052015_044742.log

RKreport_DEL_07052015_044811.log

Addition.txt

kevinf80 · July 5, 2015

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin...

kevinf80 · July 5, 2015

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin...

kevinf80 · July 5, 2015

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin...

kevinf80 · July 5, 2015

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin...

kevinf80 · July 5, 2015

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin...

Fixlist.txt

Purrington · July 5, 2015

1. Kevin: Please notice that your last response was posted multiple times on this thread.

2. I have a problem. When I ran the FRST and after hitting the "FIX" button once a log appeared and I was asked to reboot my laptop.

When my laptop rebooted I could not connect my laptop [see Image Attached ] to the internet so I had to do a "System Restore."

When my laptop rebooted after the "System Restore" a notification popped up of a "System Error." [see Image Attached]

Since I had to to a "System Restore" do you still wish me to run the ADWCleaner, JRT and other steps you listed above?

Here is the Fix.Log results:

Fix result of Farbar Recovery Scan Tool (x64) Version:04-07-2015

Ran by Lewis at 2015-07-05 14:20:21 Run:4

Running from C:\Users\Lewis\Desktop

Loaded Profiles: Lewis (Available Profiles: Lewis)

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start