Jump to content

Recommended Posts

My laptop began running slowly yesterday.

 

I ran several programs to see what it might be and when I ran Hitman Pro the results indicated I have a Mobogenie Infections an a couple of others.

 

I do not see Mobogenie listed as an installed program or download so I do not know how to find it and get rid of the pesky infection.

 

See Attached Screenshot.

 

I do not qualify for the free removal of infections by Hitman Pro so wanted to see if anyone here could assist me in removing it as well as to check if I have any other infections.

 

Thank you

post-62460-0-35846200-1436049778_thumb.j

Link to post
Share on other sites

  • Replies 79
  • Created
  • Last Reply

Top Posters In This Topic

Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Settings.JPG
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:



C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP


Let me see those logs in your reply....

Thank you,

Kevin...
 

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/5/2015

Scan Time: 7:50:14 AM

Logfile:

Administrator: Yes

 

Version: 2.01.8.1057

Malware Database: v2015.07.05.02

Rootkit Database: v2015.07.03.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Lewis

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 375057

Time Elapsed: 24 min, 55 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015

Ran by Lewis (administrator) on LEWIS-PC on 05-07-2015 09:22:23
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-04] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621752 2015-06-29] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-04] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-04] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-04] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DB07389-E2D8-435C-8610-A2B4A482E18C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D29B769C-100A-4F38-A28B-84B9F81A6B26}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2014-07-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-04]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Google Cast) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-27]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-05-05]
CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (Google Finance) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-29]
CHR Extension: (Click&Clean) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-29]
CHR Extension: (AdBlock) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-05]
CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-29]
CHR Extension: (Dropbox) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-29]
CHR Extension: (My Shareaholic) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagnaolanjedhkeiamdeidabdmdcofjl [2015-05-29]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-03-29]
CHR Extension: (Blogger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-05-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-28]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-02]
CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (Click&Clean App) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Facebook Translate) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2015-05-05]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-31]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-04] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-04] (Avast Software)
S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [712504 2015-06-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-04] ()
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-04] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-06-29] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-07-05] ()
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-05] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-04] (Avast Software)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-05 09:22 - 2015-07-05 09:22 - 00033730 _____ C:\Users\Lewis\Desktop\FRST.txt
2015-07-05 09:18 - 2015-07-05 09:18 - 02112512 _____ (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2015-07-05 07:00 - 2015-07-05 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-07-05 06:41 - 2015-07-05 06:41 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-07-05 06:40 - 2015-07-05 06:41 - 03067496 _____ (Malwarebytes ) C:\Users\Lewis\Downloads\mbae-setup-1.07.1.1010.exe
2015-07-05 06:14 - 2015-07-05 06:30 - 00043664 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2015-07-05 06:05 - 2015-07-05 07:01 - 00000280 _____ C:\windows\setupact.log
2015-07-05 06:05 - 2015-07-05 06:05 - 00000000 _____ C:\windows\setuperr.log
2015-07-05 05:26 - 2015-07-05 05:17 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts.20150705-052636.backup
2015-07-05 05:20 - 2015-07-05 06:10 - 00003988 _____ C:\windows\PFRO.log
2015-07-05 05:13 - 2015-07-05 08:52 - 00010676 _____ C:\windows\WindowsUpdate.log
2015-07-05 05:01 - 2015-07-05 05:06 - 12908872 _____ C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-07-05 04:39 - 2015-07-05 04:39 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-05 04:39 - 2015-07-05 04:39 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-05 04:39 - 2015-07-05 04:39 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-05 04:31 - 2015-07-05 04:31 - 00000000 ___DC C:\TDSSKiller_Quarantine
2015-07-04 18:31 - 2015-07-04 18:33 - 02952814 _____ (Malwarebytes Corporation) C:\Users\Lewis\Downloads\JRT (1).exe
2015-07-04 18:16 - 2015-07-04 18:16 - 00021943 ____C C:\ComboFix.txt
2015-07-04 17:52 - 2015-07-05 06:10 - 00000085 _____ C:\windows\wininit.ini
2015-07-04 17:45 - 2015-07-04 17:45 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\AVAST Software
2015-07-04 17:44 - 2015-07-04 17:44 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-04 17:44 - 2015-07-04 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-04 17:43 - 2015-07-04 17:44 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-07-04 17:43 - 2015-07-04 17:43 - 00272248 _____ C:\windows\system32\Drivers\aswVmm.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00065736 _____ C:\windows\system32\Drivers\aswRvrt.sys
2015-07-04 17:43 - 2015-07-04 17:43 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-07-04 17:43 - 2015-07-04 17:43 - 00029168 _____ C:\windows\system32\Drivers\aswHwid.sys
2015-07-04 17:33 - 2015-07-04 17:34 - 00791393 _____ (Lars Hederer ) C:\Users\Lewis\Downloads\erunt-setup.exe
2015-07-04 17:29 - 2015-07-04 17:29 - 00305640 _____ C:\Users\Lewis\Documents\cc_20150704_172927.reg
2015-07-04 16:30 - 2015-07-04 16:58 - 17853688 _____ C:\Users\Lewis\Downloads\RogueKiller.exe
2015-07-04 16:29 - 2015-07-04 16:34 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Lewis\Downloads\avast_free_antivirus_setup_online_softonic (1).exe
2015-07-04 16:03 - 2015-07-04 16:03 - 00000000 ___DC C:\Program Files\AVAST Software
2015-07-04 15:33 - 2015-07-05 05:40 - 00000000 ___DC C:\EEK
2015-07-04 15:33 - 2015-07-04 00:14 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys
2015-07-04 14:57 - 2015-07-04 17:24 - 00000000 ___DC C:\ProgramData\MFAData
2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\MFAData
2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\Avg2015
2015-07-04 14:45 - 2015-07-04 14:45 - 00000000 ____D C:\Users\Lewis\Downloads\ccsetup505
2015-07-04 14:42 - 2015-07-04 14:44 - 06433386 _____ C:\Users\Lewis\Downloads\ccsetup505.zip
2015-07-04 14:12 - 2015-07-04 14:52 - 00000000 ___DC C:\ProgramData\HitmanPro
2015-07-04 13:55 - 2015-07-04 14:26 - 11032736 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe
2015-07-04 13:10 - 2015-07-05 06:34 - 00000000 ___DC C:\ProgramData\Sophos
2015-07-04 12:20 - 2015-07-04 12:19 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122041.backup
2015-07-04 11:08 - 2015-06-21 13:32 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150704-110847.backup
2015-07-04 09:25 - 2015-07-04 09:29 - 02244096 _____ C:\Users\Lewis\Downloads\AdwCleaner.exe
2015-06-20 08:27 - 2015-07-05 04:57 - 00000574 _____ C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-06-19 18:39 - 2015-06-19 18:39 - 00106521 _____ C:\Users\Lewis\Downloads\carljungdepthpsychology-wordpress-com-2015-06-19-22_38_09-gxtxrwiq4xt7baeujswmik1txwa1rjh4.zip
2015-06-19 09:17 - 2015-07-04 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart
2015-06-19 09:17 - 2015-06-19 09:17 - 00001973 _____ C:\Users\Public\Desktop\BookSmart.lnk
2015-06-19 06:34 - 2015-06-21 16:57 - 00000000 ____D C:\Users\Lewis\.blurb
2015-06-19 06:34 - 2015-06-19 06:35 - 00000000 ____D C:\Users\Lewis\Documents\BookSmartData
2015-06-19 06:33 - 2015-06-19 09:17 - 00000000 ___DC C:\Program Files (x86)\BookSmart
2015-06-14 12:41 - 2015-06-14 12:41 - 00417064 _____ () C:\Users\Lewis\Downloads\DellSystemDetect.exe
2015-06-12 16:58 - 2015-07-05 05:13 - 00780814 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-06-12 16:14 - 2015-06-12 16:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lewis\Downloads\rkill64.exe
2015-06-10 05:05 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 05:05 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 05:05 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 05:05 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 05:05 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 05:05 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 05:05 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 05:05 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 05:05 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-10 05:05 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-10 05:05 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-10 05:04 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 05:04 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 05:04 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 05:04 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 05:04 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 05:04 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 05:03 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 05:03 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 05:03 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 05:03 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 05:03 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 05:03 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 05:03 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 05:03 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 05:03 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 05:03 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 05:03 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 05:03 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 05:03 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 05:03 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 05:03 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 05:03 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 05:03 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 05:03 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 05:03 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 05:03 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 05:03 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 05:03 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 05:03 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 05:03 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 05:03 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 05:03 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 05:03 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 05:03 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 05:03 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 05:03 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 05:03 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 05:03 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 05:03 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 05:03 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 05:03 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 05:03 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 05:03 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 05:03 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 05:03 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 05:03 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 05:03 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 05:03 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 05:03 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 05:03 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 05:03 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 05:03 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 05:03 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 05:03 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 05:03 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 05:03 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 05:03 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 05:03 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 05:03 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 05:03 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 05:03 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 05:03 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 05:03 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-09 05:56 - 2015-06-09 05:56 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-06-09 05:55 - 2015-06-09 05:55 - 00931408 _____ (Google Inc.) C:\Users\Lewis\Downloads\chromecastinstaller.exe
2015-06-06 05:48 - 2015-06-05 11:26 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150606-054841.backup
2015-06-06 05:47 - 2015-07-05 06:10 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-06 05:47 - 2015-07-05 04:39 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-06-05 11:30 - 2015-06-05 11:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lewis\Downloads\tdsskiller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-05 09:22 - 2015-04-07 12:23 - 00000000 ___DC C:\FRST
2015-07-05 09:19 - 2015-02-17 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-05 09:14 - 2013-10-04 05:48 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files
2015-07-05 08:55 - 2015-01-16 14:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job
2015-07-05 08:34 - 2014-03-11 17:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 08:34 - 2014-03-11 17:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-05 07:11 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-05 07:11 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-05 07:08 - 2014-12-17 08:02 - 00000000 ___DC C:\AdwCleaner
2015-07-05 07:06 - 2015-05-26 06:30 - 00780814 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-05 07:04 - 2015-01-18 19:28 - 00000000 ___DC C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-05 07:01 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-05 06:34 - 2014-12-25 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-07-05 06:34 - 2014-01-10 02:43 - 00000000 ___DC C:\ProgramData\InstallMate
2015-07-05 06:08 - 2012-03-02 16:57 - 00109296 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-05 06:05 - 2009-07-14 01:08 - 00032592 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-07-05 05:21 - 2009-07-14 00:45 - 00412120 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-05 05:17 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini
2015-07-05 04:48 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_170
2015-07-05 04:41 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp
2015-07-05 04:38 - 2014-07-08 10:34 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-07-05 03:14 - 2014-03-08 19:29 - 00000000 ___RD C:\Users\Lewis\Google Drive
2015-07-04 18:49 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.0
2015-07-04 18:16 - 2015-03-26 19:10 - 00000000 ___DC C:\Qoobox
2015-07-04 18:12 - 2009-07-13 22:34 - 00000215 ____C C:\windows\system.ini
2015-07-04 17:06 - 2009-07-13 22:34 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts.20150704-170937.backup
2015-07-04 16:01 - 2014-11-16 08:35 - 00000000 ___DC C:\ProgramData\AVAST Software
2015-07-04 15:59 - 2013-12-05 06:47 - 00002201 _____ C:\windows\epplauncher.mif
2015-07-04 14:57 - 2009-07-13 22:34 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts.20150704-163657.backup
2015-07-04 14:41 - 2014-01-14 08:54 - 00000000 ____D C:\windows\erdnt
2015-07-04 12:20 - 2009-07-13 22:34 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122500.backup
2015-07-04 12:04 - 2014-01-28 18:50 - 00000000 ___DC C:\Program Files (x86)\SpywareBlaster
2015-07-04 11:53 - 2014-12-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-07-04 11:08 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150704-121944.backup
2015-07-04 10:37 - 2015-03-28 06:48 - 00000000 ___DC C:\VIPRERESCUE
2015-07-04 08:51 - 2014-12-23 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-04 08:47 - 2012-03-02 16:56 - 00000000 ____D C:\Users\Lewis
2015-07-04 08:46 - 2015-04-04 07:58 - 00000000 ___SD C:\windows\system32\GWX
2015-07-04 08:46 - 2015-03-29 15:59 - 00000000 ___DC C:\ProgramData\RogueKiller
2015-07-04 08:46 - 2015-03-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-04 08:46 - 2014-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-04 08:46 - 2014-01-15 13:42 - 00000000 ___DC C:\ProgramData\Licenses
2015-07-04 08:46 - 2012-12-08 18:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-04 08:46 - 2012-03-11 16:47 - 00000000 ____D C:\windows\pss
2015-07-04 08:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-04 08:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2015-07-04 08:43 - 2013-06-23 17:50 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2015-07-04 08:42 - 2012-03-02 17:48 - 00000000 __RDC C:\MSOCache
2015-07-04 08:12 - 2014-10-05 04:11 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-28 02:33 - 2013-05-22 14:51 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apple Computer
2015-06-22 15:29 - 2013-12-27 13:59 - 00000000 ____D C:\Users\Lewis\Documents\Retirement
2015-06-21 09:55 - 2015-01-16 14:37 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job
2015-06-20 06:09 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_688
2015-06-17 12:28 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_54
2015-06-14 12:41 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Deployment
2015-06-12 16:22 - 2009-07-13 22:34 - 00000747 _____ C:\windows\system32\Drivers\etc\hosts_bak_258
2015-06-11 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser
2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT
2015-06-10 05:13 - 2012-03-04 03:42 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-06 15:40 - 2012-03-02 17:24 - 00000000 ____D C:\Temp
2015-06-06 06:01 - 2012-03-03 16:49 - 05868101 ____C C:\ProgramData\dleascan.log
2015-06-06 06:00 - 2012-03-03 18:02 - 01809566 ____C C:\ProgramData\dlea.log
2015-06-06 04:37 - 2014-10-04 05:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-05 17:04 - 2013-07-28 19:31 - 00000000 ____D C:\Users\Lewis\Documents\My Kindle Content
 
==================== Files in the root of some directories =======
 
2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-08-24 10:04 - 2014-11-13 08:40 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache
2013-08-24 10:05 - 2014-11-13 08:40 - 0655822 _____ () C:\Users\Lewis\AppData\Local\census.cache
2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache
2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg
2014-11-13 08:32 - 2014-11-13 08:32 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache
2012-03-03 18:02 - 2015-06-06 06:00 - 1809566 ____C () C:\ProgramData\dlea.log
2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C () C:\ProgramData\dleaJSW.log
2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log
 
Some files in TEMP:
====================
C:\Users\Lewis\AppData\Local\Temp\HitmanPro.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\CISVC.EXE
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-04 19:54
 
==================== End of log ============================

 

RogueKiller V10.8.7.0 [Jun 29 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lewis [Administrator]
Started from : C:\Users\Lewis\Downloads\RogueKiller.exe
Mode : Scan -- Date : 07/05/2015  09:36:26
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] afd3e18634a03cfc5f5cd4c7c7c1540f
[bSP] 2ec32c4dafc030881e2a9675b975a583 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_05122015_183040.log - RKreport_DEL_05122015_183111.log - RKreport_SCN_05222015_120319.log - RKreport_DEL_05222015_120346.log
RKreport_SCN_05262015_054655.log - RKreport_DEL_05262015_054721.log - RKreport_SCN_05272015_064243.log - RKreport_DEL_05272015_064344.log
RKreport_SCN_05272015_173421.log - RKreport_DEL_05272015_173455.log - RKreport_SCN_05282015_173824.log - RKreport_SCN_05282015_174102.log
RKreport_SCN_05312015_123349.log - RKreport_DEL_05312015_124801.log - RKreport_SCN_05312015_131027.log - RKreport_SCN_06012015_165806.log
RKreport_SCN_06052015_112549.log - RKreport_SCN_06092015_175855.log - RKreport_DEL_06092015_175938.log - RKreport_SCN_06102015_155009.log
RKreport_SCN_06122015_162140.log - RKreport_DEL_06122015_162209.log - RKreport_SCN_06162015_112855.log - RKreport_SCN_06172015_122756.log
RKreport_SCN_06212015_133144.log - RKreport_SCN_06242015_110930.log - RKreport_SCN_06252015_103717.log - RKreport_SCN_06272015_155331.log
RKreport_SCN_06292015_154110.log - RKreport_SCN_07042015_053135.log - RKreport_SCN_07042015_080641.log - RKreport_SCN_07042015_145726.log
RKreport_DEL_07042015_145803.log - RKreport_SCN_07042015_170619.log - RKreport_DEL_07042015_170640.log - RKreport_SCN_07052015_044742.log
RKreport_DEL_07052015_044811.log

 

 

 

Addition.txt

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

Fixlist.txt

Link to post
Share on other sites

1.  Kevin:  Please notice that your last response was posted multiple times on this thread.

 

2.  I have a problem.  When I ran the FRST and after hitting the "FIX" button once a log appeared and I was asked to reboot my laptop.

 

When my laptop rebooted I could not connect my laptop [see Image Attached ] to the internet so I had to do a "System Restore."

 

When my laptop rebooted after the "System Restore" a notification popped up of a "System Error." [see Image Attached]

 

Since I had to to a "System Restore" do you still wish me to run the ADWCleaner, JRT and other steps you listed above?

 

Here is the Fix.Log results:
 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-07-2015
Ran by Lewis at 2015-07-05 14:20:21 Run:4
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
C:\Windows\SysWOW64\CISVC.EXE
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
C:\Windows\SysWOW64\lsass.exe
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
C:\Windows\SysWOW64\spoolsv.exe
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
C:\Windows\SysWOW64\CISVC.EXE
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
Task: {3C0722CC-91F2-4A85-810C-700C5DF6B983} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
Emptytemp:
End
*****************
 
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
CISVC => Service removed successfully
C:\Windows\SysWOW64\CISVC.EXE => moved successfully.
EFS => Service removed successfully
C:\Windows\SysWOW64\lsass.exe => moved successfully.
KeyIso => Unable to stop service.
KeyIso => Service removed successfully
Netlogon => Service removed successfully
ProtectedStorage => Service stopped successfully.
ProtectedStorage => Service removed successfully
SamSs => Unable to stop service.
SamSs => Service removed successfully
Spooler => Service stopped successfully.
Spooler => Service removed successfully
C:\Windows\SysWOW64\spoolsv.exe => moved successfully.
VaultSvc => Service removed successfully
cleanhlp => Service removed successfully
MpFilter => Service removed successfully
NisDrv => Service removed successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service removed successfully
"C:\Windows\SysWOW64\CISVC.EXE" => File/Folder not found.
C:\Windows\SysWOW64\conhost.exe => moved successfully.
C:\Windows\SysWOW64\csrss.exe => moved successfully.
C:\Windows\SysWOW64\dwm.exe => moved successfully.
"C:\Windows\SysWOW64\lsass.exe" => File/Folder not found.
C:\Windows\SysWOW64\lsm.exe => moved successfully.
C:\Windows\SysWOW64\services.exe => moved successfully.
C:\Windows\SysWOW64\smss.exe => moved successfully.
"C:\Windows\SysWOW64\spoolsv.exe" => File/Folder not found.
C:\Windows\SysWOW64\taskhost.exe => moved successfully.
C:\Windows\SysWOW64\winlogon.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C0722CC-91F2-4A85-810C-700C5DF6B983}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C0722CC-91F2-4A85-810C-700C5DF6B983}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
EmptyTemp: => 272.5 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:20:57 ====
 
Please advise what I am to do now.
 
Thank you.
 
 

post-62460-0-33664500-1436123137_thumb.j

post-62460-0-88567800-1436123153_thumb.j

Link to post
Share on other sites

If you`ve used system restore then the system be to where we started I guess.. When the connection was lost did you use the trouble shooter to see what was wrong? did it give any indication?

 

The SDTray error is related to Spybot S&D, a simple reinstall would have fixed that....

 

Best option is to run FRST again, see what the logs show....

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....
 

Thanks,

 

Kevin

Link to post
Share on other sites

I did run the "Troubleshooter" but it did not provide a cure.

 

Do I need to do anything regarding the "Hidden Files" you had me "Un-Hide" at the beginning of this process?

 

The FRST.Txt was quite short:

 

 
 
LastRegBack: 2015-07-04 19:54
 
==================== End of log ============================
 
dditional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Lewis at 2015-07-05 15:57:40
Running from C:\Users\Lewis\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1422163307-3788927115-2030255185-500 - Administrator - Disabled)
Guest (S-1-5-21-1422163307-3788927115-2030255185-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422163307-3788927115-2030255185-1002 - Limited - Enabled)
Lewis (S-1-5-21-1422163307-3788927115-2030255185-1000 - Administrator - Enabled) => C:\Users\Lewis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\Amazon Kindle) (Version:  - Amazon)
Avery Template - U_0087_01_PlateauLines_0805_01_en (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000002}) (Version: 1.0.0.0 - Avery)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BookSmart® 3.4.7 3.4.7 (HKLM-x32\...\BookSmart® 3.4.7 3.4.7) (Version:  - Blurb, Inc)
ChromecastApp (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.67 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (Version: 3.1.5907.23 - PC-Doctor, Inc.) Hidden
Dell System Detect - 1  (HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\...\73f463568823ebbe) (Version: 6.2.0.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 3.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.0 - Tweaking.com)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Zinio Alert Messenger (x32 Version: 4.0.2570 - Zinio LLC) Hidden
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1422163307-3788927115-2030255185-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
11-05-2015 17:19:39 avast! antivirus system restore point
13-05-2015 05:43:50 Windows Update
13-05-2015 06:10:25 Windows Update
18-05-2015 02:18:51 Windows Backup
18-05-2015 18:35:18 Installed Microsoft Fix it 50043
19-05-2015 16:09:40 Windows Update
25-05-2015 00:24:14 Windows Backup
28-05-2015 14:12:20 Installed Microsoft Fix it 50043
29-05-2015 10:41:48 Restore Operation
29-05-2015 10:50:51 avast! antivirus system restore point
29-05-2015 11:38:27 Restore Operation
29-05-2015 11:47:47 avast! antivirus system restore point
29-05-2015 14:55:29 Installed AppNHost 1.0.5.1
31-05-2015 12:17:07 Removed AppNHost 1.0.5.1
31-05-2015 19:00:14 Windows Backup
01-06-2015 10:51:47 Restore Operation
01-06-2015 10:58:56 avast! antivirus system restore point
06-06-2015 05:26:28 Installed Should I Remove It
06-06-2015 07:56:52 Removed Should I Remove It
07-06-2015 08:57:03 Installed AppNHost 1.0.5.1
07-06-2015 09:56:34 Removed AppNHost 1.0.5.1
07-06-2015 21:36:46 Windows Backup
10-06-2015 05:07:18 Windows Update
14-06-2015 19:00:28 Windows Backup
21-06-2015 22:44:41 Windows Backup
28-06-2015 02:30:11 Installed QuickTime 7
28-06-2015 07:29:27 Removed Apple Application Support
28-06-2015 07:30:34 Removed Apple Software Update
28-06-2015 07:31:17 Removed QuickTime 7
04-07-2015 08:49:00 avast! antivirus system restore point
04-07-2015 08:57:52 Windows Backup
04-07-2015 13:24:45 avast! antivirus system restore point
04-07-2015 13:44:40 avast! antivirus system restore point
04-07-2015 14:38:53 Checkpoint by HitmanPro
04-07-2015 14:39:42 Checkpoint by HitmanPro
04-07-2015 15:24:58 Windows Update
04-07-2015 16:02:57 avast! antivirus system restore point
04-07-2015 16:36:11 avast! antivirus system restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-07-04 14:57 - 00000768 ___RA C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08E7F967-E580-4036-9B5D-7DE3012A294F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.)
Task: {185E3DBC-FDC5-4235-8FDE-16FF17797377} - System32\Tasks\{B40DA344-C3F9-486D-911D-92A5E48179D4} => pcalua.exe -a C:\Users\Lewis\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {21122A63-5A62-4F84-A1EA-1984B34E6241} - System32\Tasks\{75893DFF-975B-473D-AA75-9E6E6CDDE341} => pcalua.exe -a D:\setup.exe -d D:\
Task: {223A9C25-F81C-46EA-8C7D-4A79E134DC95} - System32\Tasks\{E0C02BB2-E10A-4787-843C-8DBE4BAFCF49} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2015-05-14] (Microsoft Corporation)
Task: {3787A3F1-83A5-4EEB-9EF5-BC374252B921} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-02-07] (PC-Doctor, Inc.)
Task: {3C0722CC-91F2-4A85-810C-700C5DF6B983} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {62A7C9AA-F510-4D81-909F-26778A6DB35E} - System32\Tasks\{21393BC9-002B-43ED-B749-9A0026DB4186} => pcalua.exe -a "C:\Users\Lewis\Downloads\Adobe and Java\air3-5_win (1).exe" -d "C:\Users\Lewis\Downloads\Adobe and Java"
Task: {7DEF8614-54A8-455C-8768-AC3732A06F6E} - System32\Tasks\{C4D97FD5-2396-4D20-8C8F-6FD164DF0495} => pcalua.exe -a C:\Users\Lewis\Downloads\TrojanKillerInstallerST.exe -d C:\Users\Lewis\Downloads
Task: {8D1BE01D-912E-49A5-BF89-4C43AFF54E95} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {94774780-6F8C-4488-AD85-C5A48CBCD8A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core => C:\Users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {9F98FE49-CF45-4470-BF74-93022BB8A52C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {A68A44E8-C312-484C-A37A-A4308FFF5F35} - System32\Tasks\{99AA92E9-46E5-4C3A-9297-4DC61C4CBB5E} => pcalua.exe -a "C:\Users\Lewis\Downloads\startuplite-setup-1.07 (1).exe" -d C:\Users\Lewis\Downloads
Task: {A81AA10F-0C68-4850-B159-81CE8F86638E} - System32\Tasks\{82B351B4-9BE0-46D5-9007-5A319806C10E} => pcalua.exe -a "C:\Program Files (x86)\ERUNT\unins000.exe"
Task: {C8A0B1EF-464E-430A-B8EA-4C9E1527B067} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)
Task: {D0A70245-A2B9-453E-8699-A65990F429B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA => C:\Users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION
Task: {DBE087F4-8B41-46B7-9017-DB78DC55353F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11] (Google Inc.)
Task: {DEF5643B-367E-4A5A-B336-F79B1EF5DB7F} - System32\Tasks\{68313C00-F4BB-4305-8EEB-2FC4046E7DBD} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
Task: {E153AC8B-C2FB-4F5B-99E9-31F8CCB775F0} - System32\Tasks\{543E591B-B6AD-46F7-BB73-E3727BEF2071} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {F372CCE8-66B8-4D17-BCFC-CA0D5F3A91D0} - System32\Tasks\{56D83FD3-0E5D-404C-8614-0EF2D9E14D76} => pcalua.exe -a C:\Users\Lewis\Downloads\setup-trojan-killer-a01.exe -d C:\Users\Lewis\Downloads
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job => C:\Users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job => C:\Users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-03-03 16:50 - 2009-11-04 09:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 ____C () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-01-05 01:09 - 2010-11-06 01:50 - 00058880 ____C () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-06-09 17:41 - 2015-06-05 14:22 - 01281864 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 17:41 - 2015-06-05 14:22 - 00080712 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 12721 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 3
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Bluetooth Device Monitor => 3
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 3
MSCONFIG\Services: BTHSSecurityMgr => 3
MSCONFIG\Services: DellDigitalDelivery => 3
MSCONFIG\Services: dleaCATSCustConnectService => 2
MSCONFIG\Services: dlea_device => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: hmpalertsvc => 2
MSCONFIG\Services: IAStorDataMgrSvc => 3
MSCONFIG\Services: LMS => 3
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: ReimageRealTimeProtection => 2
MSCONFIG\Services: sagentservice => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: SftService => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: UNS => 3
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Dell V310-V510 Series => "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D4BC1A75-993A-4D9E-91B9-99EA5424B7F6}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{A7308F94-CF29-40B4-B426-4DE1012A4D12}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{016C78DD-0D71-4588-A16A-9DA4EA9F5433}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{19896ABE-6595-4EF9-BF98-46C6BF2305C1}] => (Allow) LPort=7000
FirewallRules: [{78F09170-0AA0-4D4D-89CE-E31D716428BE}] => (Allow) LPort=7000
FirewallRules: [{3C0DCB9E-411B-486C-BB0F-11DBB449C0E8}] => (Allow) C:\windows\system32\dleacoms.exe
FirewallRules: [{13C34006-AD3B-4F8B-9DC4-2CE16C1E74E6}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{EC995EB2-2D74-4857-8428-04C04C492016}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{A97E7586-1A6C-4EF9-AF8B-B4C636BE01A9}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{E5B77A04-9FCA-4B1D-8389-937D355983E4}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{858785ED-3D7D-4687-ACAA-C9322C257AAC}] => (Allow) C:\Program Files (x86)\Dell V310-V510 Series\dleafax.exe
FirewallRules: [{4D476F96-EB80-4CCE-99E9-258BC5D40D28}] => (Allow) C:\Program Files (x86)\Dell V310-V510 Series\dleafax.exe
FirewallRules: [TCP Query User{37C1316F-A736-43F8-99D2-437AFEE07D60}C:\users\lewis\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lewis\appdata\local\akamai\netsession_win.exe
FirewallRules: [uDP Query User{B3238130-3967-4DCF-B0B6-8FA127B9C9EA}C:\users\lewis\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lewis\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{8E32FEC5-4BB1-4B81-AE71-C22BF39018F3}C:\users\lewis\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lewis\appdata\local\akamai\netsession_win.exe
FirewallRules: [uDP Query User{B82CB4B5-285B-4A26-93E7-66C56B45E51B}C:\users\lewis\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lewis\appdata\local\akamai\netsession_win.exe
FirewallRules: [{11ACB871-BB58-4190-B5C6-8BA5ED1F4A96}] => (Allow) C:\Program Files\Dell\Dashboard\DL__Dashboard.exe
FirewallRules: [{073C79D4-1720-4049-A942-7773FA164198}] => (Allow) C:\Program Files\Dell\Dashboard\DL__Dashboard.exe
FirewallRules: [{90B9D05B-3EFA-4927-BA29-4FDF295C1AF8}] => (Allow) C:\Program Files\Dell\Dashboard\DL__Dashboard.exe
FirewallRules: [{ECF7DA78-0B9E-4018-AD71-14D3CB3B6964}] => (Allow) C:\Program Files\Dell\Dashboard\DL__Dashboard.exe
FirewallRules: [{F411E236-18CD-426B-90CA-01D957019C66}] => (Allow) LPort=49194
FirewallRules: [{5B68883B-01F4-4BBA-BE2B-04C7B299FAD2}] => (Allow) LPort=5000
FirewallRules: [{BA3F8593-D95E-457E-88FB-82991BA41561}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{BA8442D6-8F9C-4336-9913-68BF01F48855}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{BA85C3EF-802B-45BC-A16A-3CC4C1CE3F38}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{1543273A-26CF-4919-A58F-7F4722F2D702}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{91162CBC-FB0F-497E-9719-DFC5222BFA3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5BF4D522-9117-4058-97A6-FB6B3173274F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2DC8C5C1-BB94-4C66-A165-AAD931AF0581}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D4B512EB-6FF6-4087-8315-4F9C6C4873CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C8B2E2AC-0B28-472E-A7F4-CFE102805160}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{17AB482F-48C0-4FAB-A7B1-BCA97E86C05B}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{B8CDAD3A-0811-47BF-9D32-AF10F8B80C74}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{FCFA4F2A-F0C4-47E4-B220-731F7859CABD}] => (Allow) C:\windows\system32\DLEAcoms.exe
FirewallRules: [{2342678C-D232-4C43-90AF-2043266AA8B6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1058DD1C-C9B7-4917-AC48-FA78449A7F11}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error: (07/05/2015 09:21:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (07/05/2015 06:35:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (07/05/2015 06:33:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Sophos Virus Removal Tool.; Error = 0x8007043c).
 
Error: (07/05/2015 06:33:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Sophos Virus Removal Tool.; Error = 0x8007043c).
 
Error: (07/05/2015 06:14:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.6.0.0, time stamp: 0x5115a519
Faulting module name: MurocApi.dll, version: 15.6.0.0, time stamp: 0x5115a44c
Exception code: 0xc0000005
Fault offset: 0x0000000000026990
Faulting process id: 0xd9c
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (07/05/2015 06:07:15 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 
System errors:
=============
Error: (07/05/2015 02:49:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (07/05/2015 02:49:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (07/05/2015 02:49:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
MpFilter
 
Error: (07/05/2015 02:49:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: 
%%1053
 
Error: (07/05/2015 02:49:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
 
Error: (07/05/2015 02:49:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (07/05/2015 02:49:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (07/05/2015 02:48:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: 
%%31
 
Error: (07/05/2015 02:48:51 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (07/05/2015 02:37:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
 
Microsoft Office:
=========================
Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c
 
Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c
 
Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c
 
Error: (07/05/2015 02:31:34 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c
 
Error: (07/05/2015 09:21:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\$RECYCLE.BIN\S-1-5-21-1422163307-3788927115-2030255185-1000\$R9BTRQA.exe
 
Error: (07/05/2015 06:35:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Lewis\Downloads\esetsmartinstaller_enu.exe
 
Error: (07/05/2015 06:33:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Sophos Virus Removal Tool.0x8007043c
 
Error: (07/05/2015 06:33:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Sophos Virus Removal Tool.0x8007043c
 
Error: (07/05/2015 06:14:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe15.6.0.05115a519MurocApi.dll15.6.0.05115a44cc00000050000000000026990d9c01d0b70b29b82feeC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll92e88158-22fe-11e5-adea-4c80937bcb3a
 
Error: (07/05/2015 06:07:15 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 53%
Total physical RAM: 6051.18 MB
Available physical RAM: 2783.57 MB
Total Virtual: 12100.57 MB
Available Virtual: 8410 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:312.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDFF1CAD)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End of log ============================
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Lewis (administrator) on LEWIS-PC on 05-07-2015 17:27:55
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-07-04]
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DB07389-E2D8-435C-8610-A2B4A482E18C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D29B769C-100A-4F38-A28B-84B9F81A6B26}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2014-07-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-04]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Google Cast) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-27]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-05-05]
CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (Google Finance) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-29]
CHR Extension: (Click&Clean) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-29]
CHR Extension: (AdBlock) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-05]
CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-29]
CHR Extension: (Dropbox) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-29]
CHR Extension: (My Shareaholic) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagnaolanjedhkeiamdeidabdmdcofjl [2015-05-29]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-07-05]
CHR Extension: (Shareaholic for Pinterest) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2015-07-05]
CHR Extension: (Blogger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-05-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-28]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-02]
CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (Click&Clean App) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Facebook Translate) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2015-05-05]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-31]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-05] (SurfRight B.V.)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-04] (Emsisoft GmbH)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-04] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-05 17:27 - 2015-07-05 17:28 - 00032008 _____ C:\Users\Lewis\Desktop\FRST.txt
2015-07-05 17:25 - 2015-07-05 17:25 - 02112512 _____ (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2015-07-05 06:41 - 2015-07-05 14:47 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-07-05 04:31 - 2015-07-05 04:31 - 00000000 ___DC C:\TDSSKiller_Quarantine
2015-07-04 18:16 - 2015-07-04 18:16 - 00021943 ____C C:\ComboFix.txt
2015-07-04 17:45 - 2015-07-04 17:45 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\AVAST Software
2015-07-04 16:29 - 2015-07-04 16:34 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Lewis\Downloads\avast_free_antivirus_setup_online_softonic (1).exe
2015-07-04 16:03 - 2015-07-04 16:03 - 00000000 ___DC C:\Program Files\AVAST Software
2015-07-04 15:46 - 2015-07-04 15:46 - 00347816 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.135946980356890.2.1.Run.exe
2015-07-04 15:35 - 2015-07-05 17:20 - 00000280 _____ C:\windows\setupact.log
2015-07-04 15:35 - 2015-07-04 15:35 - 00002470 _____ C:\windows\PFRO.log
2015-07-04 15:35 - 2015-07-04 15:35 - 00000000 _____ C:\windows\setuperr.log
2015-07-04 15:33 - 2015-07-05 14:47 - 00000000 ___DC C:\EEK
2015-07-04 15:33 - 2015-07-04 00:14 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys
2015-07-04 14:57 - 2015-07-05 14:47 - 00000000 ___DC C:\ProgramData\MFAData
2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\MFAData
2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\Avg2015
2015-07-04 14:55 - 2015-07-04 14:57 - 04928968 _____ (AVG Technologies) C:\Users\Lewis\Downloads\avg_free_stb_all_5961p1_177.exe
2015-07-04 14:52 - 2015-07-04 15:33 - 159491248 _____ C:\Users\Lewis\Downloads\EmsisoftEmergencyKit.exe
2015-07-04 14:45 - 2015-07-05 14:47 - 00000000 ____D C:\Users\Lewis\Downloads\ccsetup505
2015-07-04 14:42 - 2015-07-04 14:44 - 06433386 _____ C:\Users\Lewis\Downloads\ccsetup505.zip
2015-07-04 14:41 - 2015-07-05 14:47 - 00000000 ___DC C:\Program Files (x86)\ERUNT
2015-07-04 14:41 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-07-04 14:40 - 2015-07-04 14:40 - 00791393 _____ (Lars Hederer ) C:\Users\Lewis\Downloads\erunt-setup.exe
2015-07-04 14:13 - 2015-07-05 14:47 - 00000000 ___DC C:\Program Files\HitmanPro
2015-07-04 14:13 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-04 14:12 - 2015-07-04 14:52 - 00000000 ___DC C:\ProgramData\HitmanPro
2015-07-04 13:55 - 2015-07-04 14:26 - 11032736 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe
2015-07-04 13:33 - 2015-07-04 13:41 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Lewis\Downloads\avast_free_antivirus_setup_online_softonic.exe
2015-07-04 13:12 - 2015-07-04 13:19 - 14243008 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\mseinstall.exe
2015-07-04 13:10 - 2015-07-05 14:43 - 00000000 ___DC C:\ProgramData\Sophos
2015-07-04 13:09 - 2015-07-05 14:47 - 00000000 ___DC C:\Program Files (x86)\Sophos
2015-07-04 13:09 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-07-04 12:58 - 2015-07-04 13:08 - 126112144 _____ (Sophos Limited) C:\Users\Lewis\Downloads\Sophos Virus Removal Tool.exe
2015-07-04 12:20 - 2015-07-04 12:19 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122041.backup
2015-07-04 11:08 - 2015-06-21 13:32 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150704-110847.backup
2015-07-04 11:07 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-04 11:07 - 2015-07-04 11:07 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-04 11:07 - 2015-07-04 11:07 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-04 11:07 - 2015-07-04 11:07 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-04 11:07 - 2015-07-04 11:07 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-04 11:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-07-04 10:50 - 2015-07-04 11:06 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Lewis\Downloads\spybot-2-4.exe
2015-07-04 09:25 - 2015-07-04 09:29 - 02244096 _____ C:\Users\Lewis\Downloads\AdwCleaner.exe
2015-06-20 08:27 - 2015-06-20 08:27 - 00000574 _____ C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-06-19 18:39 - 2015-06-19 18:39 - 00106521 _____ C:\Users\Lewis\Downloads\carljungdepthpsychology-wordpress-com-2015-06-19-22_38_09-gxtxrwiq4xt7baeujswmik1txwa1rjh4.zip
2015-06-19 09:17 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart
2015-06-19 09:17 - 2015-06-19 09:17 - 00001973 _____ C:\Users\Public\Desktop\BookSmart.lnk
2015-06-19 06:34 - 2015-06-21 16:57 - 00000000 ____D C:\Users\Lewis\.blurb
2015-06-19 06:34 - 2015-06-19 06:35 - 00000000 ____D C:\Users\Lewis\Documents\BookSmartData
2015-06-19 06:33 - 2015-06-19 09:17 - 00000000 ___DC C:\Program Files (x86)\BookSmart
2015-06-14 12:41 - 2015-06-14 12:41 - 00417064 _____ () C:\Users\Lewis\Downloads\DellSystemDetect.exe
2015-06-12 16:58 - 2015-06-20 08:35 - 00780814 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-06-12 16:27 - 2015-06-16 05:41 - 02945901 _____ (Thisisu) C:\Users\Lewis\Downloads\JRT.exe
2015-06-12 16:14 - 2015-06-12 16:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lewis\Downloads\rkill64.exe
2015-06-10 15:50 - 2015-06-10 15:50 - 00000194 _____ C:\Users\Lewis\Downloads\hosts-perm.bat
2015-06-10 05:05 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 05:05 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 05:05 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 05:05 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 05:05 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 05:05 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 05:05 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 05:05 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 05:05 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-10 05:05 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-10 05:05 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-10 05:04 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 05:04 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 05:04 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 05:04 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 05:04 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 05:04 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 05:03 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 05:03 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 05:03 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 05:03 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 05:03 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 05:03 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 05:03 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 05:03 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 05:03 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 05:03 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 05:03 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 05:03 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 05:03 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 05:03 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 05:03 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 05:03 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 05:03 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 05:03 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 05:03 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 05:03 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 05:03 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 05:03 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 05:03 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 05:03 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 05:03 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 05:03 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 05:03 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 05:03 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 05:03 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 05:03 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 05:03 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 05:03 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 05:03 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 05:03 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 05:03 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 05:03 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 05:03 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 05:03 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 05:03 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 05:03 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 05:03 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 05:03 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 05:03 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 05:03 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 05:03 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 05:03 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 05:03 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 05:03 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 05:03 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 05:03 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 05:03 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 05:03 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 05:03 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 05:03 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 05:03 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 05:03 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 05:03 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-09 05:56 - 2015-06-09 05:56 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-06-09 05:55 - 2015-06-09 05:55 - 00931408 _____ (Google Inc.) C:\Users\Lewis\Downloads\chromecastinstaller.exe
2015-06-06 05:48 - 2015-06-05 11:26 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150606-054841.backup
2015-06-06 05:47 - 2015-07-05 14:48 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-06 05:47 - 2015-07-05 14:47 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-06-05 11:30 - 2015-06-05 11:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lewis\Downloads\tdsskiller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-05 17:27 - 2015-04-07 12:23 - 00000000 ___DC C:\FRST
2015-07-05 17:25 - 2015-05-26 06:30 - 00780814 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-05 17:23 - 2014-02-11 18:38 - 01276040 _____ C:\windows\WindowsUpdate.log
2015-07-05 17:22 - 2013-10-04 05:48 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files
2015-07-05 17:21 - 2015-02-17 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-05 17:20 - 2014-03-11 17:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-05 17:20 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-05 16:55 - 2015-01-16 14:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job
2015-07-05 16:34 - 2014-03-11 17:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 14:57 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-05 14:57 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-05 14:49 - 2012-03-02 16:57 - 00109296 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-05 14:48 - 2012-03-02 16:56 - 00000000 ____D C:\Users\Lewis
2015-07-05 14:47 - 2015-04-04 07:58 - 00000000 ___SD C:\windows\system32\GWX
2015-07-05 14:47 - 2015-03-29 15:59 - 00000000 ___DC C:\ProgramData\RogueKiller
2015-07-05 14:47 - 2015-03-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-05 14:47 - 2015-02-17 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 14:47 - 2014-12-22 06:02 - 00000000 ____D C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio
2015-07-05 14:47 - 2014-11-16 11:54 - 00000000 ____D C:\windows\SysWOW64\vbox
2015-07-05 14:47 - 2014-11-16 11:54 - 00000000 ____D C:\windows\system32\vbox
2015-07-05 14:47 - 2014-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-05 14:47 - 2014-03-08 19:29 - 00000000 ___RD C:\Users\Lewis\Google Drive
2015-07-05 14:47 - 2014-01-15 13:42 - 00000000 ___DC C:\ProgramData\Licenses
2015-07-05 14:47 - 2014-01-14 08:54 - 00000000 ____D C:\windows\erdnt
2015-07-05 14:47 - 2012-12-08 18:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 14:47 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-05 14:46 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2015-07-05 14:44 - 2014-12-22 06:46 - 00000000 ___DC C:\RegBackup
2015-07-05 14:43 - 2015-03-26 19:10 - 00000000 ___DC C:\Qoobox
2015-07-05 13:04 - 2015-01-18 19:28 - 00000000 ___DC C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-05 07:08 - 2014-12-17 08:02 - 00000000 ___DC C:\AdwCleaner
2015-07-05 06:34 - 2014-12-25 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-07-05 06:34 - 2014-01-10 02:43 - 00000000 ___DC C:\ProgramData\InstallMate
2015-07-05 04:41 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp
2015-07-04 16:01 - 2014-11-16 08:35 - 00000000 ___DC C:\ProgramData\AVAST Software
2015-07-04 15:59 - 2013-12-05 06:47 - 00002201 _____ C:\windows\epplauncher.mif
2015-07-04 14:48 - 2014-07-08 10:34 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-07-04 12:20 - 2009-07-13 22:34 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122500.backup
2015-07-04 12:04 - 2014-01-28 18:50 - 00000000 ___DC C:\Program Files (x86)\SpywareBlaster
2015-07-04 11:53 - 2014-12-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-07-04 11:08 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150704-121944.backup
2015-07-04 10:37 - 2015-03-28 06:48 - 00000000 ___DC C:\VIPRERESCUE
2015-07-04 08:51 - 2014-12-23 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-04 08:46 - 2012-03-11 16:47 - 00000000 ____D C:\windows\pss
2015-07-04 08:43 - 2013-06-23 17:50 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2015-07-04 08:42 - 2012-03-02 17:48 - 00000000 _RHDC C:\MSOCache
2015-07-04 08:12 - 2014-10-05 04:11 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-28 02:33 - 2013-05-22 14:51 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apple Computer
2015-06-22 15:29 - 2013-12-27 13:59 - 00000000 ____D C:\Users\Lewis\Documents\Retirement
2015-06-21 09:55 - 2015-01-16 14:37 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job
2015-06-20 08:44 - 2009-07-14 00:45 - 00412120 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-20 08:40 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini
2015-06-20 06:09 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_688
2015-06-17 12:28 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_54
2015-06-14 12:41 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Deployment
2015-06-12 16:22 - 2009-07-13 22:34 - 00000747 _____ C:\windows\system32\Drivers\etc\hosts_bak_258
2015-06-11 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser
2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT
2015-06-10 05:13 - 2012-03-04 03:42 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-06 15:40 - 2012-03-02 17:24 - 00000000 ____D C:\Temp
2015-06-06 15:11 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.0
2015-06-06 06:01 - 2012-03-03 16:49 - 05868101 ____C C:\ProgramData\dleascan.log
2015-06-06 06:00 - 2012-03-03 18:02 - 01809566 ____C C:\ProgramData\dlea.log
2015-06-06 04:37 - 2014-10-04 05:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-05 17:04 - 2013-07-28 19:31 - 00000000 ____D C:\Users\Lewis\Documents\My Kindle Content
 
==================== Files in the root of some directories =======
 
2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-08-24 10:04 - 2014-11-13 08:40 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache
2013-08-24 10:05 - 2014-11-13 08:40 - 0655822 _____ () C:\Users\Lewis\AppData\Local\census.cache
2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache
2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg
2014-11-13 08:32 - 2014-11-13 08:32 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache
2012-03-03 18:02 - 2015-06-06 06:00 - 1809566 ____C () C:\ProgramData\dlea.log
2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C () C:\ProgramData\dleaJSW.log
2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log
 
Some files in TEMP:
====================
C:\Users\Lewis\AppData\Local\Temp\dllnt_dump.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\CISVC.EXE
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-04 19:54
 
==================== End of log ============================

 

 

Addition.txt

Link to post
Share on other sites

Thanks for the logs, I now see why the connection was lost first time around, was a problem with the winsock catalogue... Continue please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number


Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns..

 

Thank you,

 

Kevin....
 

 

 

Fixlist.txt

Link to post
Share on other sites

May I ask two questions so that I can make certain I understand the instructions correctly?

1. When you say "Run FRST" do you mean:

a. Open FRST, Run a Scan, and then click on "Fix" once.

or do you mean:

b. Open FRST, and just click on "Fix" once. [without running a scan]

2. If after running FRST and I am asked to reboot my laptop I should have a problem connecting to the internet as, I did last time I tried this, is there anything special you would like me to do or should I just try running "System Restore."

Note: Since running System Restore a few hours ago my laptop has gotten much slower.

Thank you

Link to post
Share on other sites

Kevin:

 

After the first system restore my laptop began to run slower and slower so I proceeded to follow your instructions.

 

 

I ran the FRST Fix. [see Log Attached]

 

After rebooting once again I could not connect my laptop to the Internet and running the Trouble Shooter did not find a cure. [see Connection Troubleshooting Image]

 

Before running System Restore yet again I ran ADWCleaner and JRT. [see Logs]

 

# AdwCleaner v4.207 - Logfile created 05/07/2015 at 19:52:59

# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lewis - LEWIS-PC
# Running from : C:\Users\Lewis\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R134].txt - [749 bytes] - [05/07/2015 19:50:15]
AdwCleaner[s17].txt - [673 bytes] - [05/07/2015 19:52:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s17].txt - [732  bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.1 (07.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Lewis on Sun 07/05/2015 at 19:55:34.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Lewis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/05/2015 at 20:04:43.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

 

Since I could not connect to the Internet after the reboot I was unable to run the Microsoft Windows Malicious Software Removal Tool prior to doing a system restore.

 

Fearing I was infected I ran the Emisoft Emergency Tool Kit which I had already downloaded and found two infections. [see image attached]

 

I also ran RKILL. [see Results]

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)

Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/05/2015 08:19:02 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual
 
 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * NetBT (NetBT) is not Running.
   Startup Type set to: System
 
 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System
 
 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System
 
 * EFS [Missing Service]
 * KeyIso [Missing Service]
 * Netlogon [Missing Service]
 * ProtectedStorage [Missing Service]
 * SamSs [Missing Service]
 * Spooler [Missing Service]
 * VaultSvc [Missing Service]
 * WMPNetworkSvc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
 
Program finished at: 07/05/2015 08:23:30 PM
Execution time: 0 hours(s), 4 minute(s), and 28 seconds(s)

 

 

I then ran System Restore a second time and was able to connect to the internet and run the Microsoft Windows Malicious Software Removal Tool v5.25,

 

No infections were discovered. The “Log Report” has very little information. See Below.

 

Microsoft Windows Malicious Software Removal Tool v5.25,

June 2015 (build 5.25.11502.0)

Started On Sun Jul 05 21:05:50 2015

 

Engine: 1.1.11701.0

Signatures: 1.199.892.0

 

Question 1:  At the beginning of this process you had me “unhide” hidden files and to move some to my desktop.  What is the status of this now?  When I rebooted whatever I had moved to desktop disappeared.

 

Question 2:  How may I get FRST to work properly so each time I run “Fix” and reboot I do not lose connection to the Internet.

 

Note:  Please note that this FRST issue first raised its ugly head when I was working with another Malwarebytes technician.  He erroneously assured me the problem had been repaired but as you can see the problem remains.

 

See portion of transcript here:

 

RKILL WMPNetworkSvc [Missing Service] Infection?

Started by Purrington, May 29 2015 05:43 AM

 

Purrington: Why is it that when you requested I run FRST on May 29th two log reports appeared just fine but then after you had me download the “Fixit” list and then attempt to reboot that I could not do so without losing my Internet Connection and twice [the second time on June 1st] had to do a “System Restore” in order to login to the Internet? Has this issue been repaired?

 

Forum Deity: Yes, it is repaired.

 

Thank you.

post-62460-0-75264900-1436170486_thumb.j

Fixlog.txt

post-62460-0-38505600-1436170912_thumb.j

Link to post
Share on other sites

Question 1:  At the beginning of this process you had me “unhide” hidden files and to move some to my desktop.  What is the status of this now?  When I rebooted whatever I had moved to desktop disappeared.

 

That action was done to help locate any possible malware/infection, obviously system restore reset the value back....

When we clean up at the end that setting is always reset....

 

 

Question 2:  How may I get FRST to work properly so each time I run “Fix” and reboot I do not lose connection to the Internet.

 

When the FRST fix was run the winsock catalogue was corrupted, I saw that after the first run. In the second run I added a "Winsock Catalogue" reset command. Unfortunately it would seem from the second log that one of the sockets did not start see the following:

=========  netsh winsock reset =========Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset.
Note:  Please note that this FRST issue first raised its ugly head when I was working with another Malwarebytes technician.  He erroneously assured me the problem had been repaired but as you can see the problem remains.

 

 

Please be aware that helpers on this forum are volunteers (myself included) and to not related to, or work for Malwarebytes company.....

 

Usually when the Winsock is corrupted the reset used with FRST command does reset all values and maintain the connection, i`m not really sure why this action failed, although the log does indicate a.dll file failed to start...

 

The Winsock can be reset maually from an "Elevated" command prompt with the following commands, select "enter" after each command.

 

netsh winsock reset catalog 

 

netsh int ip reset reset.log

 

Judging by your enlarged and reply fonts I assume you are not happy with my help, what do you want to do next?

 

Kevin....

Link to post
Share on other sites

Kevin: Firstly I am not unhappy with your efforts. I am frustrated with the slowness of my laptop and what appear to be recurring infections and an apparent difficulty in getting FRST to work effectively. My laptop is running very slowly. I just ran Hitman Pro and have attached a list of the infections it found. I should like your assistance if resolving these issues. If you will provide me with step by step instructions which I as a layperson can follow to repair FRST and/or any other issues affecting the performance of my laptop I shall be greatly appreciative. As I was typing this reply I ran ADWCleaner and it showed Registry Errors. [see attached] I need to clean them and do a reboot. Please advise me what you wish me to do and I shall comply. Thank you

post-62460-0-96224500-1436180284_thumb.j

post-62460-0-71422000-1436180311_thumb.j

Link to post
Share on other sites

Do the following:

 

Go HEREand download LSPfix and save it to your Desktop:

Rt click->>Extract(unzip) it to its own folder on your Desktop

Disconnect from the internet, and close all browser windows.

Open the LSPFix folder

Run LSPFix. Click the "I know what I'm doing" button.

In the left hand pane do you see any of the following or references to them, if so select to highlight each one ready to move:

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not foundWinsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not foundWinsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & 'Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '

To move them to the "Remove" pane and by clicking the >> button.

Click Finish. Reboot to complete the process.

re-connect to the internet,

A tutorial for using LSPfix can be found HERE

 

Next,

 

Download Norton Power Eraser from here: and save direct to your Desktop. Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1 right click, select "Run as Administrator" accept UAC.


NPE1.png


The EULA will open, accept that to move on...


NPE2.png

The tool will check for updates/latest version


NPE3.png

The GUI will open, select "Scan for Risks"


NPE4.png

Rootkit scan alert will open, select "Restart"


NPE5.png

Rootkit scan preparations will time out and Reboot the system.


NPE6.png

Tool will will restart and check for update, do nothing.


NPE7.png

System scan will start, do nothing.


NPE8.png

If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now" if nothing is found select "Exit" to close out the tool.


NPE9.png

To remove "found entries" the system will need to restart, select that option.


NPE10.png

If applicable select "Locate Log" attach to reply. Select "Done" when complete....

.
 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....
 

Let me see those logs in your reply, also any remaining issues or concerns....

 

Thank you,

 

Kevin....

Link to post
Share on other sites

Kevin:

 

My laptop is running very slowly even after the Norton Scan.

 

It takes a few minutes for a browser page to come up.

 

I do hope that when the next FRST Fix is run that my internet connection is not lost and that I do not have to do another System Restore.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Lewis (administrator) on LEWIS-PC on 06-07-2015 10:31:47
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-05] (Avast Software s.r.o.)
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-07-04]
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-05] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-05] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2DB07389-E2D8-435C-8610-A2B4A482E18C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D29B769C-100A-4F38-A28B-84B9F81A6B26}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2014-07-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-04]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Google Cast) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-27]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-05-05]
CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (Google Finance) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-29]
CHR Extension: (Click&Clean) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-29]
CHR Extension: (AdBlock) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-05]
CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-29]
CHR Extension: (Dropbox) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-29]
CHR Extension: (My Shareaholic) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagnaolanjedhkeiamdeidabdmdcofjl [2015-05-29]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-07-05]
CHR Extension: (Shareaholic for Pinterest) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2015-07-05]
CHR Extension: (Blogger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-05-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-28]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-07-05]
CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (Click&Clean App) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Facebook Translate) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2015-05-05]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-31]
CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-05] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-05] (Avast Software)
S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-05] (SurfRight B.V.)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-05] ()
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-04] (Emsisoft GmbH)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-04] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-05] (Avast Software)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 10:31 - 2015-07-06 10:32 - 00033767 _____ C:\Users\Lewis\Desktop\FRST.txt
2015-07-06 10:26 - 2015-07-06 10:31 - 02112512 _____ (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2015-07-06 10:03 - 2015-07-06 10:03 - 00000000 ___DC C:\NPE
2015-07-06 10:01 - 2015-07-06 10:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\NPE
2015-07-06 10:01 - 2015-07-06 10:01 - 00000000 ___DC C:\ProgramData\Norton
2015-07-06 09:54 - 2015-07-06 09:54 - 00000000 _____ C:\windows\SysWOW64\SBRC.dat
2015-07-06 09:43 - 2015-07-06 10:00 - 03088296 _____ (Symantec Corporation) C:\Users\Lewis\Desktop\NPE.exe
2015-07-06 09:17 - 2015-07-06 09:17 - 00000000 ____D C:\Users\Lewis\Desktop\lspfix
2015-07-06 09:11 - 2015-07-06 10:21 - 00000168 _____ C:\windows\setupact.log
2015-07-06 09:11 - 2015-07-06 09:11 - 00002862 _____ C:\windows\PFRO.log
2015-07-06 09:11 - 2015-07-06 09:11 - 00000000 _____ C:\windows\setuperr.log
2015-07-06 09:05 - 2015-07-06 09:05 - 00201030 _____ C:\Users\Lewis\Desktop\lspfix.zip
2015-07-06 09:05 - 2015-07-06 09:05 - 00201030 _____ C:\Users\Lewis\Desktop\lspfix (1).zip
2015-07-06 08:35 - 2015-07-06 08:35 - 02494944 _____ (Trend Micro Inc.) C:\Users\Lewis\Desktop\HousecallLauncher64.exe
2015-07-06 08:26 - 2015-07-06 08:26 - 00023558 ____C C:\ComboFix.txt
2015-07-06 08:07 - 2015-07-06 08:07 - 00000134 _____ C:\Users\Lewis\Desktop\Microsoft Fix it.url
2015-07-06 07:48 - 2015-07-06 10:26 - 00011450 _____ C:\windows\WindowsUpdate.log
2015-07-06 07:09 - 2015-07-06 07:10 - 00305288 _____ C:\Users\Lewis\Documents\cc_20150706_070952.reg
2015-07-05 21:52 - 2015-07-05 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-05 21:51 - 2015-07-06 09:14 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-05 21:51 - 2015-07-05 21:52 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys
2015-07-05 21:51 - 2015-07-05 21:51 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-07-05 21:51 - 2015-07-05 21:51 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-07-05 21:51 - 2015-07-05 21:51 - 00272248 _____ C:\windows\system32\Drivers\aswVmm.sys
2015-07-05 21:51 - 2015-07-05 21:51 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-07-05 21:51 - 2015-07-05 21:51 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-07-05 21:51 - 2015-07-05 21:51 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-07-05 21:51 - 2015-07-05 21:51 - 00065736 _____ C:\windows\system32\Drivers\aswRvrt.sys
2015-07-05 21:51 - 2015-07-05 21:51 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-07-05 21:51 - 2015-07-05 21:51 - 00029168 _____ C:\windows\system32\Drivers\aswHwid.sys
2015-07-05 20:48 - 2015-07-06 06:08 - 00000745 _____ C:\Users\Lewis\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-05 20:48 - 2015-07-05 21:05 - 52822240 _____ (Microsoft Corporation) C:\Users\Lewis\Desktop\Windows-KB890830-x64-V5.25.exe
2015-07-05 06:41 - 2015-07-05 14:47 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-07-05 04:31 - 2015-07-06 07:25 - 00000000 ___DC C:\TDSSKiller_Quarantine
2015-07-04 17:45 - 2015-07-04 17:45 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\AVAST Software
2015-07-04 16:29 - 2015-07-04 16:34 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_softonic (1).exe
2015-07-04 16:29 - 2015-07-04 16:34 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Lewis\Downloads\avast_free_antivirus_setup_online_softonic (1).exe
2015-07-04 16:03 - 2015-07-04 16:03 - 00000000 ___DC C:\Program Files\AVAST Software
2015-07-04 15:46 - 2015-07-04 15:46 - 00347816 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.135946980356890.2.1.Run.exe
2015-07-04 15:33 - 2015-07-06 07:32 - 00000000 ___DC C:\EEK
2015-07-04 15:33 - 2015-07-04 00:14 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys
2015-07-04 14:57 - 2015-07-05 14:47 - 00000000 ___DC C:\ProgramData\MFAData
2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\MFAData
2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\Avg2015
2015-07-04 14:52 - 2015-07-04 15:33 - 159491248 _____ C:\Users\Lewis\Downloads\EmsisoftEmergencyKit.exe
2015-07-04 14:45 - 2015-07-06 06:12 - 00000000 ____D C:\Users\Lewis\Downloads\ccsetup505
2015-07-04 14:42 - 2015-07-04 14:44 - 06433386 _____ C:\Users\Lewis\Downloads\ccsetup505.zip
2015-07-04 14:41 - 2015-07-06 06:14 - 00000000 ___DC C:\Program Files (x86)\ERUNT
2015-07-04 14:41 - 2015-07-06 06:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-07-04 14:40 - 2015-07-04 14:40 - 00791393 _____ (Lars Hederer ) C:\Users\Lewis\Downloads\erunt-setup.exe
2015-07-04 14:13 - 2015-07-05 20:38 - 00000000 ___DC C:\Program Files\HitmanPro
2015-07-04 14:13 - 2015-07-05 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-07-04 14:12 - 2015-07-04 14:52 - 00000000 ___DC C:\ProgramData\HitmanPro
2015-07-04 13:55 - 2015-07-04 14:26 - 11032736 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe
2015-07-04 13:12 - 2015-07-04 13:19 - 14243008 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\mseinstall.exe
2015-07-04 13:10 - 2015-07-05 14:43 - 00000000 ___DC C:\ProgramData\Sophos
2015-07-04 13:09 - 2015-07-05 14:47 - 00000000 ___DC C:\Program Files (x86)\Sophos
2015-07-04 13:09 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-07-04 12:58 - 2015-07-04 13:08 - 126112144 _____ (Sophos Limited) C:\Users\Lewis\Downloads\Sophos Virus Removal Tool.exe
2015-07-04 12:20 - 2015-07-04 12:19 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122041.backup
2015-07-04 11:08 - 2015-06-21 13:32 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150704-110847.backup
2015-07-04 11:07 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-04 11:07 - 2015-07-04 11:07 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-04 11:07 - 2015-07-04 11:07 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-04 11:07 - 2015-07-04 11:07 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-07-04 11:07 - 2015-07-04 11:07 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-07-04 11:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-07-04 10:50 - 2015-07-04 11:06 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Lewis\Downloads\spybot-2-4.exe
2015-06-20 08:27 - 2015-07-06 05:31 - 00000574 _____ C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-06-19 18:39 - 2015-06-19 18:39 - 00106521 _____ C:\Users\Lewis\Downloads\carljungdepthpsychology-wordpress-com-2015-06-19-22_38_09-gxtxrwiq4xt7baeujswmik1txwa1rjh4.zip
2015-06-19 09:17 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart
2015-06-19 09:17 - 2015-06-19 09:17 - 00001973 _____ C:\Users\Public\Desktop\BookSmart.lnk
2015-06-19 06:34 - 2015-06-21 16:57 - 00000000 ____D C:\Users\Lewis\.blurb
2015-06-19 06:34 - 2015-06-19 06:35 - 00000000 ____D C:\Users\Lewis\Documents\BookSmartData
2015-06-19 06:33 - 2015-06-19 09:17 - 00000000 ___DC C:\Program Files (x86)\BookSmart
2015-06-14 12:41 - 2015-06-14 12:41 - 00417064 _____ () C:\Users\Lewis\Downloads\DellSystemDetect.exe
2015-06-12 16:58 - 2015-07-06 05:47 - 00780878 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-06-12 16:14 - 2015-06-12 16:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lewis\Downloads\rkill64.exe
2015-06-10 15:50 - 2015-06-10 15:50 - 00000194 _____ C:\Users\Lewis\Downloads\hosts-perm.bat
2015-06-10 05:05 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-06-10 05:05 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-06-10 05:05 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-06-10 05:05 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-06-10 05:05 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-06-10 05:05 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-06-10 05:05 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-06-10 05:05 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-06-10 05:05 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-06-10 05:05 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-06-10 05:05 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-06-10 05:05 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-06-10 05:05 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-06-10 05:05 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-06-10 05:05 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-10 05:05 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-10 05:05 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-10 05:05 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-10 05:04 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-06-10 05:04 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-06-10 05:04 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 05:04 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-06-10 05:04 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-06-10 05:04 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 05:04 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 05:03 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 05:03 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 05:03 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 05:03 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 05:03 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 05:03 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-06-10 05:03 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 05:03 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-06-10 05:03 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-06-10 05:03 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 05:03 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-06-10 05:03 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 05:03 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-06-10 05:03 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-06-10 05:03 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-06-10 05:03 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 05:03 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-06-10 05:03 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 05:03 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-06-10 05:03 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 05:03 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-06-10 05:03 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 05:03 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 05:03 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 05:03 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 05:03 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 05:03 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-06-10 05:03 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 05:03 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 05:03 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 05:03 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 05:03 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-06-10 05:03 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-06-10 05:03 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 05:03 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 05:03 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-06-10 05:03 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-06-10 05:03 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-06-10 05:03 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 05:03 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-06-10 05:03 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 05:03 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-06-10 05:03 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-06-10 05:03 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-06-10 05:03 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-06-10 05:03 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 05:03 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-06-10 05:03 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 05:03 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 05:03 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-06-10 05:03 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 05:03 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 05:03 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-06-10 05:03 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 05:03 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 05:03 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 05:03 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 05:03 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 05:03 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-09 05:56 - 2015-06-09 05:56 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-06-09 05:55 - 2015-06-09 05:55 - 00931408 _____ (Google Inc.) C:\Users\Lewis\Downloads\chromecastinstaller.exe
2015-06-06 05:48 - 2015-06-05 11:26 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150606-054841.backup
2015-06-06 05:47 - 2015-07-05 14:48 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-06 05:47 - 2015-07-05 14:47 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 10:31 - 2015-04-07 12:23 - 00000000 ___DC C:\FRST
2015-07-06 10:31 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 10:31 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 10:26 - 2015-05-26 06:30 - 00780878 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-06 10:23 - 2015-02-17 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-06 10:23 - 2013-10-04 05:48 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files
2015-07-06 10:22 - 2014-03-11 17:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 10:21 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-06 09:54 - 2015-03-28 06:48 - 00000000 ___DC C:\VIPRERESCUE
2015-07-06 09:34 - 2014-03-11 17:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 08:54 - 2014-12-17 08:02 - 00000000 ___DC C:\AdwCleaner
2015-07-06 08:30 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.0
2015-07-06 08:26 - 2015-03-26 19:10 - 00000000 ___DC C:\Qoobox
2015-07-06 08:22 - 2009-07-13 22:34 - 00000215 ____C C:\windows\system.ini
2015-07-06 07:11 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp
2015-07-06 06:20 - 2012-03-02 16:57 - 00109296 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-06 06:14 - 2014-01-14 08:54 - 00000000 ____D C:\windows\erdnt
2015-07-06 05:56 - 2009-07-14 00:45 - 00412120 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-06 05:51 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini
2015-07-06 04:55 - 2015-01-16 14:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job
2015-07-06 03:38 - 2009-07-14 01:08 - 00032592 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-07-05 20:39 - 2012-03-02 16:56 - 00000000 ____D C:\Users\Lewis
2015-07-05 20:38 - 2014-01-15 13:42 - 00000000 ___DC C:\ProgramData\Licenses
2015-07-05 20:38 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-05 20:38 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2015-07-05 14:47 - 2015-04-04 07:58 - 00000000 ___SD C:\windows\system32\GWX
2015-07-05 14:47 - 2015-03-29 15:59 - 00000000 ___DC C:\ProgramData\RogueKiller
2015-07-05 14:47 - 2015-03-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-05 14:47 - 2015-02-17 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 14:47 - 2014-12-22 06:02 - 00000000 ____D C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio
2015-07-05 14:47 - 2014-11-16 11:54 - 00000000 ____D C:\windows\SysWOW64\vbox
2015-07-05 14:47 - 2014-11-16 11:54 - 00000000 ____D C:\windows\system32\vbox
2015-07-05 14:47 - 2014-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-05 14:47 - 2014-03-08 19:29 - 00000000 ___RD C:\Users\Lewis\Google Drive
2015-07-05 14:47 - 2012-12-08 18:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 14:44 - 2014-12-22 06:46 - 00000000 ___DC C:\RegBackup
2015-07-05 13:04 - 2015-01-18 19:28 - 00000000 ___DC C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-05 06:34 - 2014-12-25 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-07-05 06:34 - 2014-01-10 02:43 - 00000000 ___DC C:\ProgramData\InstallMate
2015-07-04 16:01 - 2014-11-16 08:35 - 00000000 ___DC C:\ProgramData\AVAST Software
2015-07-04 15:59 - 2013-12-05 06:47 - 00002201 _____ C:\windows\epplauncher.mif
2015-07-04 14:57 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_297
2015-07-04 14:48 - 2014-07-08 10:34 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-07-04 12:20 - 2009-07-13 22:34 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122500.backup
2015-07-04 12:04 - 2014-01-28 18:50 - 00000000 ___DC C:\Program Files (x86)\SpywareBlaster
2015-07-04 11:53 - 2014-12-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-07-04 11:08 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150704-121944.backup
2015-07-04 08:51 - 2014-12-23 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-04 08:46 - 2012-03-11 16:47 - 00000000 ____D C:\windows\pss
2015-07-04 08:43 - 2013-06-23 17:50 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2015-07-04 08:42 - 2012-03-02 17:48 - 00000000 __RDC C:\MSOCache
2015-07-04 08:12 - 2014-10-05 04:11 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-28 02:33 - 2013-05-22 14:51 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apple Computer
2015-06-22 15:29 - 2013-12-27 13:59 - 00000000 ____D C:\Users\Lewis\Documents\Retirement
2015-06-21 09:55 - 2015-01-16 14:37 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job
2015-06-20 06:09 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_688
2015-06-17 12:28 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_54
2015-06-14 12:41 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Deployment
2015-06-12 16:22 - 2009-07-13 22:34 - 00000747 _____ C:\windows\system32\Drivers\etc\hosts_bak_258
2015-06-11 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser
2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT
2015-06-06 15:40 - 2012-03-02 17:24 - 00000000 ____D C:\Temp
2015-06-06 06:01 - 2012-03-03 16:49 - 05868101 ____C C:\ProgramData\dleascan.log
2015-06-06 06:00 - 2012-03-03 18:02 - 01809566 ____C C:\ProgramData\dlea.log
2015-06-06 04:37 - 2014-10-04 05:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-08-24 10:04 - 2014-11-13 08:40 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache
2013-08-24 10:05 - 2014-11-13 08:40 - 0655822 _____ () C:\Users\Lewis\AppData\Local\census.cache
2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache
2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg
2014-11-13 08:32 - 2014-11-13 08:32 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache
2012-03-03 18:02 - 2015-06-06 06:00 - 1809566 ____C () C:\ProgramData\dlea.log
2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C () C:\ProgramData\dleaJSW.log
2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log
 
Some files in TEMP:
====================
C:\Users\Lewis\AppData\Local\Temp\Quarantine.exe
C:\Users\Lewis\AppData\Local\Temp\sqlite3.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\CISVC.EXE
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-04 19:54
 
==================== End of log ============================

Addition.txt

Link to post
Share on other sites

Ok I guess we have to give FRST another roll....

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

If the connection is lost again try the following before using system restore.....

 

Select start, in the search box typ services.msc hit enter, in the new window check these entries are running and set to automatic:

DHCP Client

DNS Client

Go to Start > All Programs > Accessories > Right click on "Command Prompt" select "Run As Administrator"

 

Run the following commands hit the enter key after each one,

 

netsh winsock reset catalog

netsh int ipv4 reset reset.log

netsh int ipv6 reset reset.log

ipconfig /flushdns

ipconfig /release

ipconfig /renew

ipconfig /registerdns

 

Then reboot.

 

Let me see log from FRST, also give an update on any remaining issues or concerns.

 

Fixlist.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.