Purrington Posted July 4, 2015 ID:974238

My laptop began running slowly yesterday. I ran several programs to see what it might be, and when I ran Hitman Pro the results indicated I have a Mobogenie infection and a couple of others. I do not see Mobogenie listed as an installed program or download, so I do not know how to find it and get rid of the pesky infection. See attached screenshot. I do not qualify for the free removal of infections by Hitman Pro, so I wanted to see if anyone here could assist me in removing it as well as checking whether I have any other infections. Thank you
kevinf80 Posted July 5, 2015 ID:974269

Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

- On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
- Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
- Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
- A Threat Scan will begin.
- With some infections, you may or may not see this message box. 'Could not load DDA driver'
- Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
- When the scan is complete, click Apply Actions.
- Wait for the prompt to restart the computer to appear, then click on Yes.
- After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click Export > From export you have three options:
  Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
  Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
- Recommend you use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

If Malwarebytes is not installed follow these instructions first:

- Download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
  Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
- Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

- Quit all running programs.
- For Windows XP, double-click to start.
- For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
- Read and accept the EULA (End User License Agreement)
- Click Scan to scan the system.
- When the scan completes select "Report", log will open. Close the program > Don't Fix anything!

Post back the report which should also be located here:
C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Let me see those logs in your reply....

Thank you,
Kevin...
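One way to triage the FRST.txt log requested above, as an added example that is not part of the original thread and is not code from FRST or Malwarebytes: it splits a log on the section banners, lists the entries FRST marks with ATTENTION, counts the repetitive Group Policy restriction lines instead of listing them, and collects entries whose target file is missing. The function names are hypothetical, and the sample log is constructed from the entry formats that appear in this thread.

```python
import re
from collections import OrderedDict

# Section banner, e.g. "==================== Services (Whitelisted) ================="
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# FRST marks an entry with an arrow and ATTENTION, optionally followed by a note in parentheses.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION\s*(?:\((?P<note>[^)]*)\))?\s*$")
# Entries whose target no longer exists on disk end with one of these markers.
MISSING_RE = re.compile(r"(?:No File|File not found)\s*$", re.IGNORECASE)
GP_PREFIX = "Group Policy restriction on software:"

# Constructed sample: a few lines in the formats shown in this thread, not a real log.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015
Ran by user (administrator) on EXAMPLE-PC on 05-07-2015 09:22:23

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [712504 2015-06-29] (Malwarebytes Corporation)
S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
"""


def split_sections(log_text):
    """Return an ordered mapping of section name -> list of entry lines."""
    sections = OrderedDict()
    current = "Header"          # lines before the first banner
    sections[current] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue            # blank line or a bare "=====" rule
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            sections.setdefault(current, [])
            continue
        if line.startswith("(If an "):
            continue            # fixlist hint printed under each banner
        sections[current].append(line)
    return sections


def triage(log_text):
    """Summarise what a reviewer would look at first in an FRST log."""
    findings = {"flagged": [], "gp_restrictions": 0, "missing_files": []}
    for section, lines in split_sections(log_text).items():
        for line in lines:
            hit = ATTENTION_RE.search(line)
            if hit:
                entry = line[:hit.start()].strip()
                if GP_PREFIX in entry:
                    # Often hundreds of near-identical lines: count, do not list.
                    findings["gp_restrictions"] += 1
                else:
                    findings["flagged"].append((section, entry, hit.group("note")))
            elif MISSING_RE.search(line):
                findings["missing_files"].append((section, line))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Group Policy restrictions:", result["gp_restrictions"])
    for section, entry, note in result["flagged"]:
        print("ATTENTION [%s] %s (%s)" % (section, entry, note or "no note"))
    for section, line in result["missing_files"]:
        print("MISSING   [%s] %s" % (section, line))
```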
Purrington Posted July 5, 2015 Author ID:974290

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/5/2015
Scan Time: 7:50:14 AM
Logfile: 
Administrator: Yes

Version: 2.01.8.1057
Malware Database: v2015.07.05.02
Rootkit Database: v2015.07.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lewis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375057
Time Elapsed: 24 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015
Ran by Lewis (administrator) on LEWIS-PC on 05-07-2015 09:22:23
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppHKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-04] (Avast Software s.r.o.)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621752 2015-06-29] (Malwarebytes Corporation)HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.txt.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.doc.scr <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.7z.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.avi.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.xls.scr <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.docx.scr 
<====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.divx.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.gif.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pub.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rar.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg.com <====== ATTENTIONHKLM Group Policy restriction on software: *.png.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.docx.com <====== ATTENTIONHKLM Group Policy restriction on software: *.zip.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.docx.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.divx.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.pub.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.gif.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.pub.scr 
<====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.7z.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf.com <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt.com <====== ATTENTIONHKLM Group Policy restriction on software: *.png.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rar.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.7z.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.avi.scr <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wav.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.png.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.doc.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.divx.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wav.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.zip.com <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: ** <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4.com <====== ATTENTIONHKLM Group Policy restriction on software: *.txt.com <====== ATTENTIONHKLM Group Policy 
restriction on software: *.pptx.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.doc.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.pub.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.avi.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.xls.com <====== ATTENTIONHKLM Group Policy restriction on software: *.doc.com <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.xls.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTIONHKLM Group 
Policy restriction on software: *.wma.com <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.docx.pif <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wma.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wav.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.divx.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.png.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.txt.scr <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.zip.exe <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rar.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wma.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wma.scr <====== 
ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.gif.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wav.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rar.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf.com <====== ATTENTIONHKLM Group Policy restriction on software: *.gif.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xls.exe <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.txt.pif <====== ATTENTIONHKLM 
Group Policy restriction on software: *.mp4.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp.com <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.zip.pif <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTIONHKLM Group Policy restriction on software: *.avi.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.7z.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTIONWinlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-04] (Avast Software s.r.o.)ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> 
{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No FileShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No FileShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No FileShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No FileBootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.comHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-04] (Avast Software s.r.o.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-04] (Avast Software s.r.o.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not foundWinsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not foundWinsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & 'Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & 'Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DB07389-E2D8-435C-8610-A2B4A482E18C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D29B769C-100A-4F38-A28B-84B9F81A6B26}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2014-07-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-04]

Chrome:
=======
CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-04]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Google Cast) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-27]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-05-05]
CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (Google Finance) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-29]
CHR Extension: (Click&Clean) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-29]
CHR Extension: (AdBlock) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-05]
CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-29]
CHR Extension: (Dropbox) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-29]
CHR Extension: (My Shareaholic) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagnaolanjedhkeiamdeidabdmdcofjl [2015-05-29]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-03-29]
CHR Extension: (Blogger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-05-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-28]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-02]
CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (Click&Clean App) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: 
(Facebook Translate) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2015-05-05]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-31]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-04] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-04] (Avast Software)
S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [712504 2015-06-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-04] ()
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-04] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-06-29] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-07-05] ()
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-05] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-04] (Avast Software)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 09:22 - 2015-07-05 09:22 - 00033730 _____ C:\Users\Lewis\Desktop\FRST.txt
2015-07-05 09:18 - 2015-07-05 09:18 - 02112512 _____ (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2015-07-05 07:00 - 2015-07-05 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-07-05 06:41 - 2015-07-05 06:41 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-07-05 06:40 - 2015-07-05 06:41 - 03067496 _____ (Malwarebytes ) C:\Users\Lewis\Downloads\mbae-setup-1.07.1.1010.exe
2015-07-05 06:14 - 2015-07-05 06:30 - 00043664 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2015-07-05 06:05 - 2015-07-05 07:01 - 00000280 _____ C:\windows\setupact.log
2015-07-05 06:05 - 2015-07-05 06:05 - 00000000 _____ C:\windows\setuperr.log
2015-07-05 05:26 - 2015-07-05 05:17 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts.20150705-052636.backup
2015-07-05 05:20 - 2015-07-05 06:10 - 00003988 _____ C:\windows\PFRO.log
2015-07-05 05:13 - 2015-07-05 08:52 - 00010676 _____ C:\windows\WindowsUpdate.log
2015-07-05 05:01 - 2015-07-05 05:06 - 12908872 _____ C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-07-05 04:39 - 2015-07-05 04:39 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-05 04:39 - 2015-07-05 04:39 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & 
Destroy).job
2015-07-05 04:39 - 2015-07-05 04:39 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-05 04:31 - 2015-07-05 04:31 - 00000000 ___DC C:\TDSSKiller_Quarantine
2015-07-04 18:31 - 2015-07-04 18:33 - 02952814 _____ (Malwarebytes Corporation) C:\Users\Lewis\Downloads\JRT (1).exe
2015-07-04 18:16 - 2015-07-04 18:16 - 00021943 ____C C:\ComboFix.txt
2015-07-04 17:52 - 2015-07-05 06:10 - 00000085 _____ C:\windows\wininit.ini
2015-07-04 17:45 - 2015-07-04 17:45 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\AVAST Software
2015-07-04 17:44 - 2015-07-04 17:44 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-04 17:44 - 2015-07-04 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-04 17:43 - 2015-07-04 17:44 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-07-04 17:43 - 2015-07-04 17:43 - 00272248 _____ C:\windows\system32\Drivers\aswVmm.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00065736 _____ C:\windows\system32\Drivers\aswRvrt.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-07-04 17:43 - 2015-07-04 17:43 - 00029168 _____ C:\windows\system32\Drivers\aswHwid.sys
2015-07-04 17:33 - 2015-07-04 17:34 - 00791393 _____ (Lars Hederer ) C:\Users\Lewis\Downloads\erunt-setup.exe
2015-07-04 17:29 - 2015-07-04 17:29 - 00305640 _____ C:\Users\Lewis\Documents\cc_20150704_172927.reg
2015-07-04 16:30 - 2015-07-04 16:58 - 17853688 _____ C:\Users\Lewis\Downloads\RogueKiller.exe
2015-07-04 16:29 - 2015-07-04 16:34 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Lewis\Downloads\avast_free_antivirus_setup_online_softonic (1).exe
2015-07-04 16:03 - 2015-07-04 16:03 - 00000000 ___DC C:\Program Files\AVAST Software
2015-07-04 15:33 - 2015-07-05 05:40 - 00000000 ___DC C:\EEK
2015-07-04 15:33 - 2015-07-04 00:14 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys
2015-07-04 14:57 - 2015-07-04 17:24 - 00000000 ___DC C:\ProgramData\MFAData
2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\MFAData
2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\Avg2015
2015-07-04 14:45 - 2015-07-04 14:45 - 00000000 ____D C:\Users\Lewis\Downloads\ccsetup505
2015-07-04 14:42 - 2015-07-04 14:44 - 06433386 _____ C:\Users\Lewis\Downloads\ccsetup505.zip
2015-07-04 14:12 - 2015-07-04 14:52 - 00000000 ___DC C:\ProgramData\HitmanPro
2015-07-04 13:55 - 2015-07-04 14:26 - 11032736 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe
2015-07-04 13:10 - 2015-07-05 06:34 - 00000000 ___DC C:\ProgramData\Sophos
2015-07-04 12:20 - 2015-07-04 12:19 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122041.backup
2015-07-04 11:08 - 2015-06-21 13:32 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150704-110847.backup
2015-07-04 09:25 - 2015-07-04 09:29 - 02244096 _____ C:\Users\Lewis\Downloads\AdwCleaner.exe
2015-06-20 08:27 - 2015-07-05 04:57 - 00000574 _____ C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-06-19 18:39 - 2015-06-19 18:39 - 00106521 _____ C:\Users\Lewis\Downloads\carljungdepthpsychology-wordpress-com-2015-06-19-22_38_09-gxtxrwiq4xt7baeujswmik1txwa1rjh4.zip
2015-06-19 09:17 - 2015-07-04 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart
2015-06-19 09:17 - 2015-06-19 09:17 - 00001973 _____ C:\Users\Public\Desktop\BookSmart.lnk
2015-06-19 06:34 - 2015-06-21 16:57 - 00000000 ____D C:\Users\Lewis\.blurb
2015-06-19 06:34 - 2015-06-19 06:35 - 00000000 ____D C:\Users\Lewis\Documents\BookSmartData
2015-06-19 06:33 - 2015-06-19 09:17 - 00000000 ___DC C:\Program Files (x86)\BookSmart
2015-06-14 12:41 - 2015-06-14 12:41 - 00417064 _____ () C:\Users\Lewis\Downloads\DellSystemDetect.exe
2015-06-12 16:58 - 2015-07-05 05:13 - 00780814 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-06-12 16:14 - 2015-06-12 16:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lewis\Downloads\rkill64.exe
2015-06-10 05:05 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 05:05 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 05:05 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 05:05 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01461760 _____ (Microsoft 
Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 05:03 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) 
C:\windows\system32\dxtrans.dll2015-06-10 05:03 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2015-06-10 05:03 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-06-10 05:03 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-06-10 05:03 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2015-06-10 05:03 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-06-10 05:03 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-06-10 05:03 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-06-10 05:03 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-06-10 05:03 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll2015-06-10 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll2015-06-10 05:03 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys2015-06-09 05:56 - 2015-06-09 05:56 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast2015-06-09 05:55 - 2015-06-09 05:55 - 00931408 _____ (Google Inc.) 
C:\Users\Lewis\Downloads\chromecastinstaller.exe2015-06-06 05:48 - 2015-06-05 11:26 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150606-054841.backup2015-06-06 05:47 - 2015-07-05 06:10 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 22015-06-06 05:47 - 2015-07-05 04:39 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy2015-06-05 11:30 - 2015-06-05 11:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lewis\Downloads\tdsskiller.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-05 09:22 - 2015-04-07 12:23 - 00000000 ___DC C:\FRST2015-07-05 09:19 - 2015-02-17 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-07-05 09:14 - 2013-10-04 05:48 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files2015-07-05 08:55 - 2015-01-16 14:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job2015-07-05 08:34 - 2014-03-11 17:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-07-05 08:34 - 2014-03-11 17:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-07-05 07:11 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-07-05 07:11 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-07-05 07:08 - 2014-12-17 08:02 - 00000000 ___DC C:\AdwCleaner2015-07-05 07:06 - 2015-05-26 06:30 - 00780814 _____ C:\windows\system32\PerfStringBackup.INI2015-07-05 07:04 - 2015-01-18 19:28 - 00000000 ___DC C:\ProgramData\Malwarebytes Anti-Exploit2015-07-05 07:01 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-07-05 06:34 - 2014-12-25 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol2015-07-05 06:34 - 
2014-01-10 02:43 - 00000000 ___DC C:\ProgramData\InstallMate2015-07-05 06:08 - 2012-03-02 16:57 - 00109296 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT2015-07-05 06:05 - 2009-07-14 01:08 - 00032592 _____ C:\windows\Tasks\SCHEDLGU.TXT2015-07-05 05:21 - 2009-07-14 00:45 - 00412120 _____ C:\windows\system32\FNTCACHE.DAT2015-07-05 05:17 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini2015-07-05 04:48 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_1702015-07-05 04:41 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp2015-07-05 04:38 - 2014-07-08 10:34 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys2015-07-05 03:14 - 2014-03-08 19:29 - 00000000 ___RD C:\Users\Lewis\Google Drive2015-07-04 18:49 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.02015-07-04 18:16 - 2015-03-26 19:10 - 00000000 ___DC C:\Qoobox2015-07-04 18:12 - 2009-07-13 22:34 - 00000215 ____C C:\windows\system.ini2015-07-04 17:06 - 2009-07-13 22:34 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts.20150704-170937.backup2015-07-04 16:01 - 2014-11-16 08:35 - 00000000 ___DC C:\ProgramData\AVAST Software2015-07-04 15:59 - 2013-12-05 06:47 - 00002201 _____ C:\windows\epplauncher.mif2015-07-04 14:57 - 2009-07-13 22:34 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts.20150704-163657.backup2015-07-04 14:41 - 2014-01-14 08:54 - 00000000 ____D C:\windows\erdnt2015-07-04 12:20 - 2009-07-13 22:34 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122500.backup2015-07-04 12:04 - 2014-01-28 18:50 - 00000000 ___DC C:\Program Files (x86)\SpywareBlaster2015-07-04 11:53 - 2014-12-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT2015-07-04 11:08 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150704-121944.backup2015-07-04 10:37 - 2015-03-28 06:48 - 00000000 ___DC C:\VIPRERESCUE2015-07-04 08:51 - 2014-12-23 10:44 - 00003886 _____ 
C:\windows\System32\Tasks\Adobe Acrobat Update Task2015-07-04 08:47 - 2012-03-02 16:56 - 00000000 ____D C:\Users\Lewis2015-07-04 08:46 - 2015-04-04 07:58 - 00000000 ___SD C:\windows\system32\GWX2015-07-04 08:46 - 2015-03-29 15:59 - 00000000 ___DC C:\ProgramData\RogueKiller2015-07-04 08:46 - 2015-03-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-07-04 08:46 - 2014-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-07-04 08:46 - 2014-01-15 13:42 - 00000000 ___DC C:\ProgramData\Licenses2015-07-04 08:46 - 2012-12-08 18:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell2015-07-04 08:46 - 2012-03-11 16:47 - 00000000 ____D C:\windows\pss2015-07-04 08:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF2015-07-04 08:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration2015-07-04 08:43 - 2013-06-23 17:50 - 00000000 ___DC C:\Program Files (x86)\QuickTime2015-07-04 08:42 - 2012-03-02 17:48 - 00000000 __RDC C:\MSOCache2015-07-04 08:12 - 2014-10-05 04:11 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)2015-06-28 02:33 - 2013-05-22 14:51 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apple Computer2015-06-22 15:29 - 2013-12-27 13:59 - 00000000 ____D C:\Users\Lewis\Documents\Retirement2015-06-21 09:55 - 2015-01-16 14:37 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job2015-06-20 06:09 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_6882015-06-17 12:28 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_542015-06-14 12:41 - 2012-03-02 17:31 - 00000000 ____D 
C:\Users\Lewis\AppData\Local\Deployment2015-06-12 16:22 - 2009-07-13 22:34 - 00000747 _____ C:\windows\system32\Drivers\etc\hosts_bak_2582015-06-11 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft Help2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT2015-06-10 05:13 - 2012-03-04 03:42 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-06-06 15:40 - 2012-03-02 17:24 - 00000000 ____D C:\Temp2015-06-06 06:01 - 2012-03-03 16:49 - 05868101 ____C C:\ProgramData\dleascan.log2015-06-06 06:00 - 2012-03-03 18:02 - 01809566 ____C C:\ProgramData\dlea.log2015-06-06 04:37 - 2014-10-04 05:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-06-05 17:04 - 2013-07-28 19:31 - 00000000 ____D C:\Users\Lewis\Documents\My Kindle Content ==================== Files in the root of some directories ======= 2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR2013-08-24 10:04 - 2014-11-13 08:40 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache2013-08-24 10:05 - 2014-11-13 08:40 - 0655822 _____ () C:\Users\Lewis\AppData\Local\census.cache2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg2014-11-13 08:32 - 2014-11-13 08:32 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache2012-03-03 18:02 - 2015-06-06 06:00 - 
1809566 ____C () C:\ProgramData\dlea.log2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C () C:\ProgramData\dleaJSW.log2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log Some files in TEMP:====================C:\Users\Lewis\AppData\Local\Temp\HitmanPro.exe Some zero byte size files/folders:==========================C:\Windows\SysWOW64\CISVC.EXEC:\Windows\SysWOW64\conhost.exeC:\Windows\SysWOW64\csrss.exeC:\Windows\SysWOW64\dwm.exeC:\Windows\SysWOW64\lsass.exeC:\Windows\SysWOW64\lsm.exeC:\Windows\SysWOW64\services.exeC:\Windows\SysWOW64\smss.exeC:\Windows\SysWOW64\spoolsv.exeC:\Windows\SysWOW64\taskhost.exeC:\Windows\SysWOW64\winlogon.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-04 19:54 ==================== End of log ============================ RogueKiller V10.8.7.0 [Jun 29 2015] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 
bits versionStarted in : Normal modeUser : Lewis [Administrator]Started from : C:\Users\Lewis\Downloads\RogueKiller.exeMode : Scan -- Date : 07/05/2015 09:36:26 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: ST9500325AS +++++--- User ---[MBR] afd3e18634a03cfc5f5cd4c7c7c1540f[bSP] 2ec32c4dafc030881e2a9675b975a583 : Windows Vista/7/8|VT.Unknown MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]User = LL1 ... OKUser = LL2 ... OK ============================================RKreport_SCN_05122015_183040.log - RKreport_DEL_05122015_183111.log - RKreport_SCN_05222015_120319.log - RKreport_DEL_05222015_120346.logRKreport_SCN_05262015_054655.log - RKreport_DEL_05262015_054721.log - RKreport_SCN_05272015_064243.log - RKreport_DEL_05272015_064344.logRKreport_SCN_05272015_173421.log - RKreport_DEL_05272015_173455.log - RKreport_SCN_05282015_173824.log - RKreport_SCN_05282015_174102.logRKreport_SCN_05312015_123349.log - RKreport_DEL_05312015_124801.log - RKreport_SCN_05312015_131027.log - RKreport_SCN_06012015_165806.logRKreport_SCN_06052015_112549.log - RKreport_SCN_06092015_175855.log - RKreport_DEL_06092015_175938.log - RKreport_SCN_06102015_155009.logRKreport_SCN_06122015_162140.log - RKreport_DEL_06122015_162209.log - RKreport_SCN_06162015_112855.log - RKreport_SCN_06172015_122756.logRKreport_SCN_06212015_133144.log - RKreport_SCN_06242015_110930.log - RKreport_SCN_06252015_103717.log - RKreport_SCN_06272015_155331.logRKreport_SCN_06292015_154110.log - 
RKreport_SCN_07042015_053135.log - RKreport_SCN_07042015_080641.log - RKreport_SCN_07042015_145726.logRKreport_DEL_07042015_145803.log - RKreport_SCN_07042015_170619.log - RKreport_DEL_07042015_170640.log - RKreport_SCN_07052015_044742.logRKreport_DEL_07052015_044811.log Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted July 5, 2015 ID:974327

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n is the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop.

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,
Kevin...
kevinf80 Posted July 5, 2015 ID:974331

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n is the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop.

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,
Kevin...

Fixlist.txt
Purrington Posted July 5, 2015 Author ID:974353

1. Kevin: Please notice that your last response was posted multiple times on this thread.

2. I have a problem. When I ran the FRST and after hitting the "FIX" button once a log appeared and I was asked to reboot my laptop. When my laptop rebooted I could not connect my laptop [see Image Attached] to the internet so I had to do a "System Restore." When my laptop rebooted after the "System Restore" a notification popped up of a "System Error." [see Image Attached]

Since I had to do a "System Restore" do you still wish me to run the ADWCleaner, JRT and other steps you listed above?

Here is the Fix.Log results:

Fix result of Farbar Recovery Scan Tool (x64) Version:04-07-2015
Ran by Lewis at 2015-07-05 14:20:21 Run:4
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
C:\Windows\SysWOW64\CISVC.EXE
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
C:\Windows\SysWOW64\lsass.exe
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
C:\Windows\SysWOW64\spoolsv.exe
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
C:\Windows\SysWOW64\CISVC.EXE
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
Task: {3C0722CC-91F2-4A85-810C-700C5DF6B983} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
Emptytemp:
End
*****************

HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
CISVC => Service removed successfully
C:\Windows\SysWOW64\CISVC.EXE => moved successfully.
EFS => Service removed successfully
C:\Windows\SysWOW64\lsass.exe => moved successfully.
KeyIso => Unable to stop service.
KeyIso => Service removed successfully
Netlogon => Service removed successfully
ProtectedStorage => Service stopped successfully.
ProtectedStorage => Service removed successfully
SamSs => Unable to stop service.
SamSs => Service removed successfully
Spooler => Service stopped successfully.
Spooler => Service removed successfully
C:\Windows\SysWOW64\spoolsv.exe => moved successfully.
VaultSvc => Service removed successfully
cleanhlp => Service removed successfully
MpFilter => Service removed successfully
NisDrv => Service removed successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service removed successfully
"C:\Windows\SysWOW64\CISVC.EXE" => File/Folder not found.
C:\Windows\SysWOW64\conhost.exe => moved successfully.
C:\Windows\SysWOW64\csrss.exe => moved successfully.
C:\Windows\SysWOW64\dwm.exe => moved successfully.
"C:\Windows\SysWOW64\lsass.exe" => File/Folder not found.
C:\Windows\SysWOW64\lsm.exe => moved successfully.
C:\Windows\SysWOW64\services.exe => moved successfully.
C:\Windows\SysWOW64\smss.exe => moved successfully.
"C:\Windows\SysWOW64\spoolsv.exe" => File/Folder not found.
C:\Windows\SysWOW64\taskhost.exe => moved successfully.
C:\Windows\SysWOW64\winlogon.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C0722CC-91F2-4A85-810C-700C5DF6B983}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C0722CC-91F2-4A85-810C-700C5DF6B983}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
EmptyTemp: => 272.5 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 14:20:57 ====

Please advise what I am to do now. Thank you.
kevinf80 Posted July 5, 2015 ID:974362

If you've used system restore then the system will be back to where we started, I guess.. When the connection was lost did you use the trouble shooter to see what was wrong? Did it give any indication?

The SDTray error is related to Spybot S&D, a simple reinstall would have fixed that....

Best option is to run FRST again, see what the logs show.... Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the two logs....

Thanks,
Kevin
Purrington Posted July 5, 2015 Author ID:974367

I did run the "Troubleshooter" but it did not provide a cure. Do I need to do anything regarding the "Hidden Files" you had me "Un-Hide" at the beginning of this process?

The FRST.Txt was quite short:

LastRegBack: 2015-07-04 19:54

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Lewis at 2015-07-05 15:57:40
Running from C:\Users\Lewis\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1422163307-3788927115-2030255185-500 - Administrator - Disabled)
Guest (S-1-5-21-1422163307-3788927115-2030255185-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422163307-3788927115-2030255185-1002 - Limited - Enabled)
Lewis (S-1-5-21-1422163307-3788927115-2030255185-1000 - Administrator - Enabled) => C:\Users\Lewis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Amazon Kindle) (Version: - Amazon)
Avery Template - U_0087_01_PlateauLines_0805_01_en (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 1.0.0.0 - Avery)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BookSmart® 3.4.7 3.4.7 (HKLM-x32\...\BookSmart® 3.4.7 3.4.7) (Version: - Blurb, Inc)
ChromecastApp (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (Version: 3.1.5907.23 - PC-Doctor, Inc.) Hidden
Dell System Detect - 1 (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\73f463568823ebbe) (Version: 6.2.0.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook
Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) 
(HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) HiddenSawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTweaking.com - Windows Repair (All in One) 
(HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 3.0.0 - Tweaking.com)Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.0 - Tweaking.com)Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)Zinio Alert Messenger (x32 Version: 4.0.2570 - Zinio LLC) HiddenZinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 11-05-2015 17:19:39 avast! antivirus system restore point13-05-2015 05:43:50 Windows Update13-05-2015 06:10:25 Windows Update18-05-2015 02:18:51 Windows Backup18-05-2015 18:35:18 Installed Microsoft Fix it 5004319-05-2015 16:09:40 Windows Update25-05-2015 00:24:14 Windows Backup28-05-2015 14:12:20 Installed Microsoft Fix it 5004329-05-2015 10:41:48 Restore Operation29-05-2015 10:50:51 avast! 
antivirus system restore point29-05-2015 11:38:27 Restore Operation29-05-2015 11:47:47 avast! antivirus system restore point29-05-2015 14:55:29 Installed AppNHost 1.0.5.131-05-2015 12:17:07 Removed AppNHost 1.0.5.131-05-2015 19:00:14 Windows Backup01-06-2015 10:51:47 Restore Operation01-06-2015 10:58:56 avast! antivirus system restore point06-06-2015 05:26:28 Installed Should I Remove It06-06-2015 07:56:52 Removed Should I Remove It07-06-2015 08:57:03 Installed AppNHost 1.0.5.107-06-2015 09:56:34 Removed AppNHost 1.0.5.107-06-2015 21:36:46 Windows Backup10-06-2015 05:07:18 Windows Update14-06-2015 19:00:28 Windows Backup21-06-2015 22:44:41 Windows Backup28-06-2015 02:30:11 Installed QuickTime 728-06-2015 07:29:27 Removed Apple Application Support28-06-2015 07:30:34 Removed Apple Software Update28-06-2015 07:31:17 Removed QuickTime 704-07-2015 08:49:00 avast! antivirus system restore point04-07-2015 08:57:52 Windows Backup04-07-2015 13:24:45 avast! antivirus system restore point04-07-2015 13:44:40 avast! antivirus system restore point04-07-2015 14:38:53 Checkpoint by HitmanPro04-07-2015 14:39:42 Checkpoint by HitmanPro04-07-2015 15:24:58 Windows Update04-07-2015 16:02:57 avast! antivirus system restore point04-07-2015 16:36:11 avast! antivirus system restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2015-07-04 14:57 - 00000768 ___RA C:\windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {08E7F967-E580-4036-9B5D-7DE3012A294F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.)Task: {185E3DBC-FDC5-4235-8FDE-16FF17797377} - System32\Tasks\{B40DA344-C3F9-486D-911D-92A5E48179D4} => pcalua.exe -a C:\Users\Lewis\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1Task: {21122A63-5A62-4F84-A1EA-1984B34E6241} - System32\Tasks\{75893DFF-975B-473D-AA75-9E6E6CDDE341} => pcalua.exe -a D:\setup.exe -d D:\Task: {223A9C25-F81C-46EA-8C7D-4A79E134DC95} - System32\Tasks\{E0C02BB2-E10A-4787-843C-8DBE4BAFCF49} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2015-05-14] (Microsoft Corporation)Task: {3787A3F1-83A5-4EEB-9EF5-BC374252B921} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-02-07] (PC-Doctor, Inc.)Task: {3C0722CC-91F2-4A85-810C-700C5DF6B983} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTIONTask: {62A7C9AA-F510-4D81-909F-26778A6DB35E} - System32\Tasks\{21393BC9-002B-43ED-B749-9A0026DB4186} => pcalua.exe -a "C:\Users\Lewis\Downloads\Adobe and Java\air3-5_win (1).exe" -d "C:\Users\Lewis\Downloads\Adobe and Java"Task: {7DEF8614-54A8-455C-8768-AC3732A06F6E} - System32\Tasks\{C4D97FD5-2396-4D20-8C8F-6FD164DF0495} => pcalua.exe -a C:\Users\Lewis\Downloads\TrojanKillerInstallerST.exe -d C:\Users\Lewis\DownloadsTask: {8D1BE01D-912E-49A5-BF89-4C43AFF54E95} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exeTask: {94774780-6F8C-4488-AD85-C5A48CBCD8A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core => C:\Users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)Task: {9F98FE49-CF45-4470-BF74-93022BB8A52C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)Task: 
{A68A44E8-C312-484C-A37A-A4308FFF5F35} - System32\Tasks\{99AA92E9-46E5-4C3A-9297-4DC61C4CBB5E} => pcalua.exe -a "C:\Users\Lewis\Downloads\startuplite-setup-1.07 (1).exe" -d C:\Users\Lewis\DownloadsTask: {A81AA10F-0C68-4850-B159-81CE8F86638E} - System32\Tasks\{82B351B4-9BE0-46D5-9007-5A319806C10E} => pcalua.exe -a "C:\Program Files (x86)\ERUNT\unins000.exe"Task: {C8A0B1EF-464E-430A-B8EA-4C9E1527B067} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)Task: {D0A70245-A2B9-453E-8699-A65990F429B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA => C:\Users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)Task: {D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTIONTask: {DBE087F4-8B41-46B7-9017-DB78DC55353F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)Task: {DEF5643B-367E-4A5A-B336-F79B1EF5DB7F} - System32\Tasks\{68313C00-F4BB-4305-8EEB-2FC4046E7DBD} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMainTask: {E153AC8B-C2FB-4F5B-99E9-31F8CCB775F0} - System32\Tasks\{543E591B-B6AD-46F7-BB73-E3727BEF2071} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetupTask: {F372CCE8-66B8-4D17-BCFC-CA0D5F3A91D0} - System32\Tasks\{56D83FD3-0E5D-404C-8614-0EF2D9E14D76} => pcalua.exe -a C:\Users\Lewis\Downloads\setup-trojan-killer-a01.exe -d C:\Users\Lewis\DownloadsTask: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => 
C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job => C:\Users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job => C:\Users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exeTask: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeTask: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exeTask: C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com ==================== Loaded Modules (Whitelisted) ============== 2012-03-03 16:50 - 2009-11-04 09:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 ____C () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll2012-01-05 01:09 - 2010-11-06 01:50 - 00058880 ____C () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2015-06-09 17:41 - 2015-06-05 14:22 - 01281864 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll2015-06-09 17:41 - 2015-06-05 14:22 - 00080712 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.comIE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.comIE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.comIE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.comIE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.comIE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.comIE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.comIE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.comIE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.comIE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.comIE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.comIE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.comIE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.comIE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.netIE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.netIE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.infoIE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 12721 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 3
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Bluetooth Device Monitor => 3
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 3
MSCONFIG\Services: BTHSSecurityMgr => 3
MSCONFIG\Services: DellDigitalDelivery => 3
MSCONFIG\Services: dleaCATSCustConnectService => 2
MSCONFIG\Services: dlea_device => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: hmpalertsvc => 2
MSCONFIG\Services: IAStorDataMgrSvc => 3
MSCONFIG\Services: LMS => 3
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: ReimageRealTimeProtection => 2
MSCONFIG\Services: sagentservice => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: SftService => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: UNS => 3
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Dell V310-V510 Series => "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D4BC1A75-993A-4D9E-91B9-99EA5424B7F6}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exeFirewallRules: [{A7308F94-CF29-40B4-B426-4DE1012A4D12}] => (Allow) C:\Windows\System32\migwiz\migwiz.exeFirewallRules: [{016C78DD-0D71-4588-A16A-9DA4EA9F5433}] => (Allow) C:\Windows\System32\migwiz\migwiz.exeFirewallRules: [{19896ABE-6595-4EF9-BF98-46C6BF2305C1}] => (Allow) LPort=7000FirewallRules: [{78F09170-0AA0-4D4D-89CE-E31D716428BE}] => (Allow) LPort=7000FirewallRules: [{3C0DCB9E-411B-486C-BB0F-11DBB449C0E8}] => (Allow) C:\windows\system32\dleacoms.exeFirewallRules: [{13C34006-AD3B-4F8B-9DC4-2CE16C1E74E6}] => (Allow) C:\windows\system32\DLEAcoms.exeFirewallRules: [{EC995EB2-2D74-4857-8428-04C04C492016}] => (Allow) C:\windows\system32\DLEAcoms.exeFirewallRules: [{A97E7586-1A6C-4EF9-AF8B-B4C636BE01A9}] => (Allow) C:\windows\system32\DLEAcoms.exeFirewallRules: [{E5B77A04-9FCA-4B1D-8389-937D355983E4}] => (Allow) C:\windows\system32\DLEAcoms.exeFirewallRules: [{858785ED-3D7D-4687-ACAA-C9322C257AAC}] => (Allow) C:\Program Files (x86)\Dell V310-V510 Series\dleafax.exeFirewallRules: [{4D476F96-EB80-4CCE-99E9-258BC5D40D28}] => (Allow) C:\Program Files (x86)\Dell V310-V510 Series\dleafax.exeFirewallRules: [TCP Query User{37C1316F-A736-43F8-99D2-437AFEE07D60}C:\users\lewis\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lewis\appdata\local\akamai\netsession_win.exeFirewallRules: [uDP Query User{B3238130-3967-4DCF-B0B6-8FA127B9C9EA}C:\users\lewis\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lewis\appdata\local\akamai\netsession_win.exeFirewallRules: [TCP Query User{8E32FEC5-4BB1-4B81-AE71-C22BF39018F3}C:\users\lewis\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lewis\appdata\local\akamai\netsession_win.exeFirewallRules: [uDP Query User{B82CB4B5-285B-4A26-93E7-66C56B45E51B}C:\users\lewis\appdata\local\akamai\netsession_win.exe] => (Allow) 
C:\users\lewis\appdata\local\akamai\netsession_win.exeFirewallRules: [{11ACB871-BB58-4190-B5C6-8BA5ED1F4A96}] => (Allow) C:\Program Files\Dell\Dashboard\DL__Dashboard.exeFirewallRules: [{073C79D4-1720-4049-A942-7773FA164198}] => (Allow) C:\Program Files\Dell\Dashboard\DL__Dashboard.exeFirewallRules: [{90B9D05B-3EFA-4927-BA29-4FDF295C1AF8}] => (Allow) C:\Program Files\Dell\Dashboard\DL__Dashboard.exeFirewallRules: [{ECF7DA78-0B9E-4018-AD71-14D3CB3B6964}] => (Allow) C:\Program Files\Dell\Dashboard\DL__Dashboard.exeFirewallRules: [{F411E236-18CD-426B-90CA-01D957019C66}] => (Allow) LPort=49194FirewallRules: [{5B68883B-01F4-4BBA-BE2B-04C7B299FAD2}] => (Allow) LPort=5000FirewallRules: [{BA3F8593-D95E-457E-88FB-82991BA41561}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeFirewallRules: [{BA8442D6-8F9C-4336-9913-68BF01F48855}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeFirewallRules: [{BA85C3EF-802B-45BC-A16A-3CC4C1CE3F38}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeFirewallRules: [{1543273A-26CF-4919-A58F-7F4722F2D702}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeFirewallRules: [{91162CBC-FB0F-497E-9719-DFC5222BFA3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{5BF4D522-9117-4058-97A6-FB6B3173274F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{2DC8C5C1-BB94-4C66-A165-AAD931AF0581}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{D4B512EB-6FF6-4087-8315-4F9C6C4873CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{C8B2E2AC-0B28-472E-A7F4-CFE102805160}] => (Allow) C:\windows\system32\DLEAcoms.exeFirewallRules: [{17AB482F-48C0-4FAB-A7B1-BCA97E86C05B}] => (Allow) C:\windows\system32\DLEAcoms.exeFirewallRules: [{B8CDAD3A-0811-47BF-9D32-AF10F8B80C74}] => (Allow) C:\windows\system32\DLEAcoms.exeFirewallRules: 
[{FCFA4F2A-F0C4-47E4-B220-731F7859CABD}] => (Allow) C:\windows\system32\DLEAcoms.exeFirewallRules: [{2342678C-D232-4C43-90AF-2043266AA8B6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeFirewallRules: [{1058DD1C-C9B7-4917-AC48-FA78449A7F11}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeStandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray accessStandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner ServiceStandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 UpdaterStandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 35) (User: )Description: Failed to determine if the store is in the crawl scope (error=0x8007043c). Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 34) (User: )Description: Failed to get the Crawl Scope Manager with error=0x8007043c. Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 35) (User: )Description: Failed to determine if the store is in the crawl scope (error=0x8007043c). Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 34) (User: )Description: Failed to get the Crawl Scope Manager with error=0x8007043c. 
Error: (07/05/2015 09:21:14 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/05/2015 06:35:12 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (07/05/2015 06:33:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Sophos Virus Removal Tool.; Error = 0x8007043c).

Error: (07/05/2015 06:33:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Sophos Virus Removal Tool.; Error = 0x8007043c).

Error: (07/05/2015 06:14:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.6.0.0, time stamp: 0x5115a519
Faulting module name: MurocApi.dll, version: 15.6.0.0, time stamp: 0x5115a44c
Exception code: 0xc0000005
Fault offset: 0x0000000000026990
Faulting process id: 0xd9c
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3

Error: (07/05/2015 06:07:15 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

System errors:
=============
Error: (07/05/2015 02:49:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053

Error: (07/05/2015 02:49:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (07/05/2015 02:49:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: MpFilter

Error: (07/05/2015 02:49:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: %%1053

Error: (07/05/2015 02:49:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (07/05/2015 02:49:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053

Error: (07/05/2015 02:49:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/05/2015 02:48:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: %%31

Error: (07/05/2015 02:48:51 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
Error: (07/05/2015 02:37:19 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Microsoft Office:=========================Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 35) (User: )Description: 0x8007043c Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 34) (User: )Description: 0x8007043c Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 35) (User: )Description: 0x8007043c Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 34) (User: )Description: 0x8007043c Error: (07/05/2015 09:21:14 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\$RECYCLE.BIN\S-1-5-21-1422163307-3788927115-2030255185-1000\$R9BTRQA.exe Error: (07/05/2015 06:35:12 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lewis\Downloads\esetsmartinstaller_enu.exe Error: (07/05/2015 06:33:56 AM) (Source: System Restore) (EventID: 8193) (User: )Description: C:\windows\system32\msiexec.exe /VRemoved Sophos Virus Removal Tool.0x8007043c Error: (07/05/2015 06:33:55 AM) (Source: System Restore) (EventID: 8193) (User: )Description: C:\windows\system32\msiexec.exe /VRemoved Sophos Virus Removal Tool.0x8007043c Error: (07/05/2015 06:14:09 AM) (Source: Application Error) (EventID: 1000) (User: )Description: ZeroConfigService.exe15.6.0.05115a519MurocApi.dll15.6.0.05115a44cc00000050000000000026990d9c01d0b70b29b82feeC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program 
Files\Intel\WiFi\bin\MurocApi.dll92e88158-22fe-11e5-adea-4c80937bcb3a Error: (07/05/2015 06:07:15 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown ==================== Memory info =========================== Processor: Intel® Core i3-2350M CPU @ 2.30GHzPercentage of memory in use: 53%Total physical RAM: 6051.18 MBAvailable physical RAM: 2783.57 MBTotal Virtual: 12100.57 MBAvailable Virtual: 8410 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:312.35 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDFF1CAD)Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ==================== End of log ============================ Link to post Share on other sites More sharing options...

kevinf80 Posted July 5, 2015 ID:974370
Where is FRST.txt?

Purrington Posted July 5, 2015 Author ID:974372
I posted what appears to be an abbreviated frst.txt. See attached. Thank you
FRST.txt

kevinf80 Posted July 5, 2015 ID:974376
This is what you`ve posted....
LastRegBack: 2015-07-04 19:54
==================== End of log ============================

Purrington Posted July 5, 2015 Author ID:974380
Yes, Kevin, that is what I posted. That is exactly what appeared on the FRST.txt which I attached as it appears in total. I realize it appears to have much text missing but that is what came up on the log. What do you wish me to do? Thank you.

kevinf80 Posted July 5, 2015 ID:974382
Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the two logs....

Purrington Posted July 5, 2015 Author ID:974387
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Lewis (administrator) on LEWIS-PC on 05-07-2015 17:27:55
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-07-04]
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DB07389-E2D8-435C-8610-A2B4A482E18C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D29B769C-100A-4F38-A28B-84B9F81A6B26}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2014-07-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-04]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Google Cast) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-27]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-05-05]
CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (Google Finance) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-29]
CHR Extension: (Click&Clean) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-29]
CHR Extension: (AdBlock) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-05]
CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-29]
CHR Extension: (Dropbox) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-29]
CHR Extension: (My Shareaholic) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagnaolanjedhkeiamdeidabdmdcofjl [2015-05-29]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-07-05]
CHR Extension: (Shareaholic for Pinterest) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2015-07-05]
CHR Extension: (Blogger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-05-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-28]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-02]
CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (Click&Clean App) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Facebook Translate) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2015-05-05]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-31]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-05] (SurfRight B.V.)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-04] (Emsisoft GmbH)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-04] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
____D C:\windows\rescache2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft Help2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT2015-06-10 05:13 - 2012-03-04 03:42 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-06-06 15:40 - 2012-03-02 17:24 - 00000000 ____D C:\Temp2015-06-06 15:11 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.02015-06-06 06:01 - 2012-03-03 16:49 - 05868101 ____C C:\ProgramData\dleascan.log2015-06-06 06:00 - 2012-03-03 18:02 - 01809566 ____C C:\ProgramData\dlea.log2015-06-06 04:37 - 2014-10-04 05:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-06-05 17:04 - 2013-07-28 19:31 - 00000000 ____D C:\Users\Lewis\Documents\My Kindle Content ==================== Files in the root of some directories ======= 2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR2013-08-24 10:04 - 2014-11-13 08:40 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache2013-08-24 10:05 - 2014-11-13 08:40 - 0655822 _____ () C:\Users\Lewis\AppData\Local\census.cache2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg2014-11-13 08:32 - 2014-11-13 08:32 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache2012-03-03 18:02 - 2015-06-06 06:00 - 1809566 ____C () C:\ProgramData\dlea.log2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C 
() C:\ProgramData\dleaJSW.log2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log Some files in TEMP:====================C:\Users\Lewis\AppData\Local\Temp\dllnt_dump.dll Some zero byte size files/folders:==========================C:\Windows\SysWOW64\CISVC.EXEC:\Windows\SysWOW64\conhost.exeC:\Windows\SysWOW64\csrss.exeC:\Windows\SysWOW64\dwm.exeC:\Windows\SysWOW64\lsass.exeC:\Windows\SysWOW64\lsm.exeC:\Windows\SysWOW64\services.exeC:\Windows\SysWOW64\smss.exeC:\Windows\SysWOW64\spoolsv.exeC:\Windows\SysWOW64\taskhost.exeC:\Windows\SysWOW64\winlogon.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-04 19:54 ==================== End of log ============================ Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted July 5, 2015 ID:974391

Thanks for the logs, I now see why the connection was lost first time around, was a problem with the winsock catalogue...

Continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop.
Ensure to get the correct version for your system....
32 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
Right click on the Tool, select “Run as Administrator”; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns..

Thank you,
Kevin....

Fixlist.txt
Purrington Posted July 5, 2015 Author ID:974392

May I ask two questions so that I can make certain I understand the instructions correctly?

1. When you say "Run FRST" do you mean:
a. Open FRST, Run a Scan, and then click on "Fix" once.
or do you mean:
b. Open FRST, and just click on "Fix" once. [without running a scan]

2. If after running FRST and I am asked to reboot my laptop I should have a problem connecting to the internet, as I did last time I tried this, is there anything special you would like me to do or should I just try running "System Restore."

Note: Since running System Restore a few hours ago my laptop has gotten much slower.

Thank you
Purrington Posted July 6, 2015 Author ID:974439

Kevin:

After the first system restore my laptop began to run slower and slower so I proceeded to follow your instructions.

I ran the FRST Fix. [see Log Attached]

After rebooting once again I could not connect my laptop to the Internet and running the Trouble Shooter did not find a cure. [see Connection Troubleshooting Image]

Before running System Restore yet again I ran ADWCleaner and JRT. [see Logs]

# AdwCleaner v4.207 - Logfile created 05/07/2015 at 19:52:59
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lewis - LEWIS-PC
# Running from : C:\Users\Lewis\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.130

*************************

AdwCleaner[R134].txt - [749 bytes] - [05/07/2015 19:50:15]
AdwCleaner[s17].txt - [673 bytes] - [05/07/2015 19:52:59]

########## EOF - C:\AdwCleaner\AdwCleaner[s17].txt - [732 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.1 (07.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Lewis on Sun 07/05/2015 at 19:55:34.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

[C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/05/2015 at 20:04:43.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Since I could not connect to the Internet after the reboot I was unable to run the Microsoft Windows Malicious Software Removal Tool prior to doing a system restore.

Fearing I was infected I ran the Emsisoft Emergency Tool Kit which I had already downloaded and found two infections. [see image attached]

I also ran RKILL. [see Results]

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/05/2015 08:19:02 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual
 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 * NetBT (NetBT) is not Running.
   Startup Type set to: System
 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System
 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System
 * EFS [Missing Service]
 * KeyIso [Missing Service]
 * Netlogon [Missing Service]
 * ProtectedStorage [Missing Service]
 * SamSs [Missing Service]
 * Spooler [Missing Service]
 * VaultSvc [Missing Service]
 * WMPNetworkSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 07/05/2015 08:23:30 PM
Execution time: 0 hours(s), 4 minute(s), and 28 seconds(s)

I then ran System Restore a second time and was able to connect to the internet and run the Microsoft Windows Malicious Software Removal Tool v5.25. No infections were discovered. The “Log Report” has very little information. See Below.

Microsoft Windows Malicious Software Removal Tool v5.25, June 2015 (build 5.25.11502.0)
Started On Sun Jul 05 21:05:50 2015
Engine: 1.1.11701.0
Signatures: 1.199.892.0

Question 1: At the beginning of this process you had me “unhide” hidden files and to move some to my desktop. What is the status of this now? When I rebooted whatever I had moved to desktop disappeared.

Question 2: How may I get FRST to work properly so each time I run “Fix” and reboot I do not lose connection to the Internet.

Note: Please note that this FRST issue first raised its ugly head when I was working with another Malwarebytes technician. He erroneously assured me the problem had been repaired but as you can see the problem remains. See portion of transcript here:

RKILL WMPNetworkSvc [Missing Service] Infection?
Started by Purrington, May 29 2015 05:43 AM

Purrington: Why is it that when you requested I run FRST on May 29th two log reports appeared just fine but then after you had me download the “Fixit” list and then attempt to reboot that I could not do so without losing my Internet Connection and twice [the second time on June 1st] had to do a “System Restore” in order to login to the Internet? Has this issue been repaired?

Forum Deity: Yes, it is repaired.

Thank you.

Fixlog.txt
kevinf80 Posted July 6, 2015 ID:974455

> Question 1: At the beginning of this process you had me “unhide” hidden files and to move some to my desktop. What is the status of this now? When I rebooted whatever I had moved to desktop disappeared.

That action was done to help locate any possible malware/infection, obviously system restore reset the value back.... When we clean up at the end that setting is always reset....

> Question 2: How may I get FRST to work properly so each time I run “Fix” and reboot I do not lose connection to the Internet.

When the FRST fix was run the winsock catalogue was corrupted, I saw that after the first run. In the second run I added a "Winsock Catalogue" reset command. Unfortunately it would seem from the second log that one of the sockets did not start, see the following:

========= netsh winsock reset =========
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

> Note: Please note that this FRST issue first raised its ugly head when I was working with another Malwarebytes technician. He erroneously assured me the problem had been repaired but as you can see the problem remains.

Please be aware that helpers on this forum are volunteers (myself included) and are not related to, or work for, Malwarebytes company..... Usually when the Winsock is corrupted the reset used with FRST command does reset all values and maintain the connection, I'm not really sure why this action failed, although the log does indicate a .dll file failed to start...

The Winsock can be reset manually from an "Elevated" command prompt with the following commands, select "enter" after each command.

netsh winsock reset catalog
netsh int ip reset reset.log

Judging by your enlarged and reply fonts I assume you are not happy with my help, what do you want to do next?

Kevin....
Purrington Posted July 6, 2015 Author ID:974468

Kevin:

Firstly I am not unhappy with your efforts. I am frustrated with the slowness of my laptop and what appear to be recurring infections and an apparent difficulty in getting FRST to work effectively.

My laptop is running very slowly. I just ran Hitman Pro and have attached a list of the infections it found. I should like your assistance in resolving these issues.

If you will provide me with step by step instructions which I as a layperson can follow to repair FRST and/or any other issues affecting the performance of my laptop I shall be greatly appreciative.

As I was typing this reply I ran ADWCleaner and it showed Registry Errors. [see attached] I need to clean them and do a reboot.

Please advise me what you wish me to do and I shall comply.

Thank you
kevinf80 Posted July 6, 2015 ID:974482

Do the following:

Go HERE and download LSPfix and save it to your Desktop:
Rt click->>Extract (unzip) it to its own folder on your Desktop.
Disconnect from the internet, and close all browser windows.
Open the LSPFix folder.
Run LSPFix. Click the "I know what I'm doing" button.
In the left hand pane do you see any of the following or references to them, if so select to highlight each one ready to move:

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '

Move them to the "Remove" pane by clicking the >> button.
Click Finish. Reboot to complete the process.
Re-connect to the internet.
A tutorial for using LSPfix can be found HERE

Next,

Download Norton Power Eraser from here: and save direct to your Desktop.
Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1 right click, select "Run as Administrator", accept UAC.
The EULA will open, accept that to move on...
The tool will check for updates/latest version.
The GUI will open, select "Scan for Risks".
Rootkit scan alert will open, select "Restart".
Rootkit scan preparations will time out and Reboot the system.
Tool will restart and check for update, do nothing.
System scan will start, do nothing.
If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now"; if nothing is found select "Exit" to close out the tool.
To remove "found entries" the system will need to restart, select that option.
If applicable select "Locate Log", attach to reply.
Select "Done" when complete.....

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the two logs....

Let me see those logs in your reply, also any remaining issues or concerns....

Thank you,
Kevin....
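The LSPFix step in the post above picks out Winsock catalog entries whose provider DLL is no longer on disk. As an added example (not part of the original post, and not code from FRST or LSPFix), this Python script parses "Winsock: Catalog..." lines in the form quoted there and groups the orphaned entries by DLL. The function names are hypothetical, and the sample log is constructed from the four quoted lines plus one constructed healthy entry.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Registry catalogs behind the "Catalog5" / "Catalog9" labels.
CATALOG_KIND = {
    "5": "namespace provider (NameSpace_Catalog5)",
    "9": "transport provider / LSP chain (Protocol_Catalog9)",
}

# One catalog entry per line: label, two-digit index, DLL path, optional status.
LINE_RE = re.compile(
    r"^Winsock:\s+Catalog(?P<num>\d)(?P<x64>-x64)?\s+(?P<index>\d+)\s+"
    r"(?P<dll>.+?\.dll)(?:\s+(?P<status>.*))?$",
    re.IGNORECASE,
)

# Matches "File not found" and the garbled "File Not ' & $found1 & '" variant
# that appears in the post.
MISSING_RE = re.compile(r"^file\s+not\b", re.IGNORECASE)


class WinsockEntry(NamedTuple):
    catalog: str   # e.g. "Catalog5-x64"
    kind: str      # what the catalog holds
    index: int     # position within the catalog
    dll: str       # provider DLL path as logged
    missing: bool  # True when the log says the DLL is not on disk


def parse_winsock_lines(text):
    """Return a WinsockEntry for every Winsock catalog line in a log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # unrelated log line
        status = m["status"] or ""
        entries.append(WinsockEntry(
            catalog="Catalog" + m["num"] + (m["x64"] or ""),
            kind=CATALOG_KIND.get(m["num"], "unknown catalog"),
            index=int(m["index"]),
            dll=m["dll"],
            missing=bool(MISSING_RE.match(status)),
        ))
    return entries


def orphaned_by_dll(entries):
    """Map each missing DLL (lower-cased path) to the catalog slots using it."""
    groups = defaultdict(list)
    for e in entries:
        if e.missing:
            groups[e.dll.lower()].append(f"{e.catalog} {e.index:02d}")
    return dict(groups)


# Constructed sample: the four lines from the post, one constructed healthy
# entry, and one unrelated line that the parser must skip.
SAMPLE_LOG = r"""
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog9 01 C:\Windows\System32\mswsock.dll [constructed healthy entry]
Tcpip\Parameters: [DhcpNameServer] 192.0.2.1
"""

if __name__ == "__main__":
    for dll, slots in orphaned_by_dll(parse_winsock_lines(SAMPLE_LOG)).items():
        print(f"missing provider DLL: {dll}")
        print(f"  referenced by: {', '.join(slots)}")
```

All four orphaned slots sit in the namespace catalog and point at the same Windows Live DLL name, once under each Program Files tree.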
Purrington Posted July 6, 2015 Author ID:974522

Kevin:

My laptop is running very slowly even after the Norton Scan. It takes a few minutes for a browser page to come up.

I do hope that when the next FRST Fix is run that my internet connection is not lost and that I do not have to do another System Restore.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Lewis (administrator) on LEWIS-PC on 06-07-2015 10:31:47
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
software: *.rar.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wma.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wma.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.gif.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wav.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rar.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf.com <====== ATTENTIONHKLM Group Policy restriction on software: *.gif.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xls.exe <====== 
ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.txt.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp.com <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.zip.pif <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTIONHKLM Group Policy restriction on software: *.avi.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.7z.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTIONWinlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-07-04]ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-05] (Avast Software s.r.o.)ShellIconOverlayIdentifiers: [4SyncOverlay1] -> 
14:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll2015-06-10 05:05 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe2015-06-10 05:05 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\kernel32.dll2015-06-10 05:05 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll2015-06-10 05:05 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2015-06-10 05:05 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll2015-06-10 05:05 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll2015-06-10 05:05 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2015-06-10 05:05 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll2015-06-10 05:04 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll2015-06-10 05:04 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) 
C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) 
C:\windows\system32\api-ms-win-core-string-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll2015-06-10 05:04 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004608 ____H (Microsoft 
Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft 
Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll2015-06-10 05:04 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe2015-06-10 05:04 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe2015-06-10 05:04 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-06-10 05:03 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2015-06-10 05:03 - 2015-06-01 14:07 - 00342736 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2015-06-10 05:03 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-06-10 05:03 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-06-10 05:03 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-06-10 05:03 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2015-06-10 05:03 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-06-10 05:03 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2015-06-10 05:03 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2015-06-10 05:03 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-06-10 05:03 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2015-06-10 05:03 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-06-10 05:03 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2015-06-10 05:03 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2015-06-10 05:03 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-06-10 05:03 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-06-10 05:03 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2015-06-10 05:03 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2015-06-10 05:03 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2015-06-10 05:03 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2015-06-10 05:03 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2015-06-10 05:03 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2015-06-10 05:03 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-06-10 05:03 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2015-06-10 05:03 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-06-10 05:03 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2015-06-10 05:03 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2015-06-10 05:03 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-06-10 05:03 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-06-10 05:03 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-06-10 05:03 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-06-10 05:03 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2015-06-10 05:03 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2015-06-10 05:03 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2015-06-10 05:03 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-06-10 05:03 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-06-10 05:03 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-06-10 05:03 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) 
C:\windows\system32\ieetwproxystub.dll2015-06-10 05:03 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2015-06-10 05:03 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2015-06-10 05:03 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-06-10 05:03 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2015-06-10 05:03 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-06-10 05:03 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-06-10 05:03 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2015-06-10 05:03 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2015-06-10 05:03 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2015-06-10 05:03 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2015-06-10 05:03 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2015-06-10 05:03 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2015-06-10 05:03 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2015-06-10 05:03 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2015-06-10 05:03 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2015-06-10 05:03 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2015-06-10 05:03 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-06-10 05:03 - 2015-05-22 14:05 - 02125824 _____ (Microsoft 
Corporation) C:\windows\system32\inetcpl.cpl2015-06-10 05:03 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2015-06-10 05:03 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-06-10 05:03 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-06-10 05:03 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-06-10 05:03 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-06-10 05:03 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll2015-06-10 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll2015-06-10 05:03 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys2015-06-09 05:56 - 2015-06-09 05:56 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast2015-06-09 05:55 - 2015-06-09 05:55 - 00931408 _____ (Google Inc.) C:\Users\Lewis\Downloads\chromecastinstaller.exe2015-06-06 05:48 - 2015-06-05 11:26 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150606-054841.backup2015-06-06 05:47 - 2015-07-05 14:48 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 22015-06-06 05:47 - 2015-07-05 14:47 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-06 10:31 - 2015-04-07 12:23 - 00000000 ___DC C:\FRST2015-07-06 10:31 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-07-06 10:31 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-07-06 10:26 - 2015-05-26 06:30 - 00780878 _____ C:\windows\system32\PerfStringBackup.INI2015-07-06 10:23 - 2015-02-17 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-07-06 10:23 - 2013-10-04 05:48 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files2015-07-06 10:22 - 2014-03-11 17:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-07-06 10:21 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-07-06 09:54 - 2015-03-28 06:48 - 00000000 ___DC C:\VIPRERESCUE2015-07-06 09:34 - 2014-03-11 17:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-07-06 08:54 - 2014-12-17 08:02 - 00000000 ___DC C:\AdwCleaner2015-07-06 08:30 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.02015-07-06 08:26 - 2015-03-26 19:10 - 00000000 ___DC C:\Qoobox2015-07-06 08:22 - 2009-07-13 22:34 - 00000215 ____C C:\windows\system.ini2015-07-06 07:11 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp2015-07-06 06:20 - 2012-03-02 16:57 - 00109296 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT2015-07-06 06:14 - 2014-01-14 08:54 - 00000000 ____D C:\windows\erdnt2015-07-06 05:56 - 2009-07-14 00:45 - 00412120 _____ C:\windows\system32\FNTCACHE.DAT2015-07-06 05:51 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini2015-07-06 04:55 - 2015-01-16 14:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job2015-07-06 03:38 - 2009-07-14 01:08 - 00032592 _____ C:\windows\Tasks\SCHEDLGU.TXT2015-07-05 20:39 - 2012-03-02 16:56 - 00000000 ____D 
C:\Users\Lewis2015-07-05 20:38 - 2014-01-15 13:42 - 00000000 ___DC C:\ProgramData\Licenses2015-07-05 20:38 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF2015-07-05 20:38 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration2015-07-05 14:47 - 2015-04-04 07:58 - 00000000 ___SD C:\windows\system32\GWX2015-07-05 14:47 - 2015-03-29 15:59 - 00000000 ___DC C:\ProgramData\RogueKiller2015-07-05 14:47 - 2015-03-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com2015-07-05 14:47 - 2015-02-17 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-07-05 14:47 - 2014-12-22 06:02 - 00000000 ____D C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio2015-07-05 14:47 - 2014-11-16 11:54 - 00000000 ____D C:\windows\SysWOW64\vbox2015-07-05 14:47 - 2014-11-16 11:54 - 00000000 ____D C:\windows\system32\vbox2015-07-05 14:47 - 2014-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-07-05 14:47 - 2014-03-08 19:29 - 00000000 ___RD C:\Users\Lewis\Google Drive2015-07-05 14:47 - 2012-12-08 18:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell2015-07-05 14:44 - 2014-12-22 06:46 - 00000000 ___DC C:\RegBackup2015-07-05 13:04 - 2015-01-18 19:28 - 00000000 ___DC C:\ProgramData\Malwarebytes Anti-Exploit2015-07-05 06:34 - 2014-12-25 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol2015-07-05 06:34 - 2014-01-10 02:43 - 00000000 ___DC C:\ProgramData\InstallMate2015-07-04 16:01 - 2014-11-16 08:35 - 00000000 ___DC C:\ProgramData\AVAST Software2015-07-04 15:59 - 2013-12-05 06:47 - 00002201 _____ C:\windows\epplauncher.mif2015-07-04 14:57 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_2972015-07-04 14:48 - 2014-07-08 10:34 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys2015-07-04 12:20 - 2009-07-13 22:34 - 00450775 ____R 
C:\windows\system32\Drivers\etc\hosts.20150704-122500.backup2015-07-04 12:04 - 2014-01-28 18:50 - 00000000 ___DC C:\Program Files (x86)\SpywareBlaster2015-07-04 11:53 - 2014-12-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT2015-07-04 11:08 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150704-121944.backup2015-07-04 08:51 - 2014-12-23 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware2015-07-04 08:46 - 2012-03-11 16:47 - 00000000 ____D C:\windows\pss2015-07-04 08:43 - 2013-06-23 17:50 - 00000000 ___DC C:\Program Files (x86)\QuickTime2015-07-04 08:42 - 2012-03-02 17:48 - 00000000 __RDC C:\MSOCache2015-07-04 08:12 - 2014-10-05 04:11 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)2015-06-28 02:33 - 2013-05-22 14:51 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apple Computer2015-06-22 15:29 - 2013-12-27 13:59 - 00000000 ____D C:\Users\Lewis\Documents\Retirement2015-06-21 09:55 - 2015-01-16 14:37 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job2015-06-20 06:09 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_6882015-06-17 12:28 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_542015-06-14 12:41 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Deployment2015-06-12 16:22 - 2009-07-13 22:34 - 00000747 _____ C:\windows\system32\Drivers\etc\hosts_bak_2582015-06-11 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D 
C:\ProgramData\Microsoft Help2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT2015-06-06 15:40 - 2012-03-02 17:24 - 00000000 ____D C:\Temp2015-06-06 06:01 - 2012-03-03 16:49 - 05868101 ____C C:\ProgramData\dleascan.log2015-06-06 06:00 - 2012-03-03 18:02 - 01809566 ____C C:\ProgramData\dlea.log2015-06-06 04:37 - 2014-10-04 05:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive ==================== Files in the root of some directories ======= 2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR2013-08-24 10:04 - 2014-11-13 08:40 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache2013-08-24 10:05 - 2014-11-13 08:40 - 0655822 _____ () C:\Users\Lewis\AppData\Local\census.cache2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg2014-11-13 08:32 - 2014-11-13 08:32 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache2012-03-03 18:02 - 2015-06-06 06:00 - 1809566 ____C () C:\ProgramData\dlea.log2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C () C:\ProgramData\dleaJSW.log2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log Some files in TEMP:====================C:\Users\Lewis\AppData\Local\Temp\Quarantine.exeC:\Users\Lewis\AppData\Local\Temp\sqlite3.dll Some zero byte size 
files/folders:==========================C:\Windows\SysWOW64\CISVC.EXEC:\Windows\SysWOW64\conhost.exeC:\Windows\SysWOW64\csrss.exeC:\Windows\SysWOW64\dwm.exeC:\Windows\SysWOW64\lsass.exeC:\Windows\SysWOW64\lsm.exeC:\Windows\SysWOW64\services.exeC:\Windows\SysWOW64\smss.exeC:\Windows\SysWOW64\spoolsv.exeC:\Windows\SysWOW64\taskhost.exeC:\Windows\SysWOW64\winlogon.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-04 19:54 ==================== End of log ============================Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted July 6, 2015 ID:974528

Ok I guess we have to give FRST another roll....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

If the connection is lost again try the following before using system restore.....

Select Start, in the search box type services.msc, hit Enter, in the new window check these entries are running and set to automatic:
DHCP Client
DNS Client

Go to Start > All Programs > Accessories > Right click on "Command Prompt", select "Run As Administrator".

Run the following commands, hit the Enter key after each one:

netsh winsock reset catalog
netsh int ipv4 reset reset.log
netsh int ipv6 reset reset.log
ipconfig /flushdns
ipconfig /release
ipconfig /renew
ipconfig /registerdns

Then reboot.

Let me see log from FRST, also give an update on any remaining issues or concerns.

Fixlist.txt
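
The service check and reset sequence from the reply above, written as one script. This is an added example, not part of the original thread or of any tool it mentions. It assumes an elevated Windows PowerShell session where `Get-WmiObject` is available, and that `Dhcp` and `Dnscache` are the service names behind the "DHCP Client" and "DNS Client" entries in services.msc.

```powershell
# Added example, not from the original post. Assumes an elevated Windows
# PowerShell session. 'Dhcp' and 'Dnscache' are the service names behind the
# "DHCP Client" and "DNS Client" entries shown in services.msc.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    Write-Warning 'Not elevated: the netsh resets need "Run as administrator".'
    return
}

# Step 1: confirm both services are running and set to start automatically.
# This only reports; it does not change any service configuration.
$notReady = @()
foreach ($name in 'Dhcp', 'Dnscache') {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) { $notReady += "$name (service not found)"; continue }
    '{0,-12} State={1,-8} StartMode={2}' -f $svc.DisplayName, $svc.State, $svc.StartMode
    if ($svc.State -ne 'Running' -or $svc.StartMode -ne 'Auto') {
        $notReady += $svc.DisplayName
    }
}
if ($notReady.Count -gt 0) {
    Write-Warning ('Correct in services.msc first: ' + ($notReady -join ', '))
    return
}

# Step 2: the post's commands, in the post's order. Every command runs even if
# an earlier one reports an error (for instance when one adapter is
# disconnected), and each exit code is kept for review.
# reset.log is written to the current directory.
$commands = @(
    'netsh winsock reset catalog',
    'netsh int ipv4 reset reset.log',
    'netsh int ipv6 reset reset.log',
    'ipconfig /flushdns',
    'ipconfig /release',
    'ipconfig /renew',
    'ipconfig /registerdns'
)
$results = foreach ($line in $commands) {
    Write-Host "`n> $line"
    & cmd.exe /c $line | Out-Host          # show the tool's own output
    New-Object PSObject -Property @{ Command = $line; ExitCode = $LASTEXITCODE }
}

# Step 3: summary of what ran, then the reboot the post calls for.
$results | Format-Table Command, ExitCode -AutoSize
Write-Host 'Reboot to complete the reset.'
```

A non-zero exit code in the summary table identifies which step to re-run by hand and quote back in the thread.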