Purrington Posted July 6, 2015 Author ID:974554

Kevin: After running FRST fix and rebooting I could not connect to the internet. I followed the instructions you gave me in an effort to avoid another System Restore but that failed and I had to conduct another System. My laptop is moving extremely slow. What next?

Fixlog.txt

kevinf80 Posted July 6, 2015 ID:974556

Ok let's try a different approach:

Read the following link before we continue and run Combofix: ComboFix usage, Questions, Help? - Look here

Next, download Combofix from either of the following links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

Ensure that Combofix is saved directly to the Desktop <--- Very important

Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

Close any open browsers and any other programs you might have running.

Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator").

Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.

If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.

If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted).

Post the log in next reply please...

Kevin

Purrington Posted July 6, 2015 Author ID:974570

Here ya go:

kevinf80 Posted July 6, 2015 ID:974583

Thanks for that log, run the following please:

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

Post that log, also give a list of any remaining issues or concerns.....

Thank you,
Kevin

Purrington Posted July 6, 2015 Author ID:974589

Results of screen317's Security Check version 1.004
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Spybot - Search and Destroy (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Secunia PSI (3.0.0.9016)
Java 8 Update 45
Adobe Reader XI
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

kevinf80 Posted July 6, 2015 ID:974597

What remaining issue/concerns do you have?

Purrington Posted July 6, 2015 Author ID:974609

Kevin: My laptop is moving very slowly. It takes a few minutes to open this browser page to reply to this topic. I just downloaded ADWCleaner. It took nearly 10 minutes to download. When I ran it a few infections came up. [see screen shot] I also just ran an Emsisoft Scan and an infection showed up there as well. I am also wondering if the issue with FRST fix has been repaired so it may be run without my losing my internet connection and having to run a system restore. Any suggestions? Thank you.

kevinf80 Posted July 6, 2015 ID:974611

I believe the main issue we saw in the FRST logs were multiple group policy issues such as the following example:

HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

There were many more than the example, there is malware that uses such restrictions for its own purpose. I've just checked back over your thread and see that you have cryptoprevent installed, that application also uses same policy restrictions. Do you recall which Protection level you used?

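A triage sketch for the point made in the post above, added here as an example (it is not from the thread, FRST or CryptoPrevent): it pulls the "Group Policy restriction on software" entries out of pasted FRST text and groups them by shape, so rules that name a specific target stand out from generic extension blocks. The category names, the regexes and the sample text (assembled from rules quoted in this thread) are assumptions of the example.

```python
import re
from collections import defaultdict

# Extensions treated as executable here: the four that appear in the thread's rules.
EXEC_EXTS = ("exe", "com", "scr", "pif")
_EXT = "|".join(EXEC_EXTS)

# FRST prints one rule per line; this pattern also copes with entries run
# together on one line, which is how pasted logs often end up in a forum post.
RULE_RE = re.compile(r"Group Policy restriction on software: (.+?)\s*<=+ ATTENTION")

# "*.doc.scr" or "*.jpeg*.com": a document/media extension followed by an executable one.
DOUBLE_EXT_RE = re.compile(rf"^\*\.\w+\*?\.(?:{_EXT})$", re.IGNORECASE)

# Any file of an executable type under a profile or shared data directory.
DATA_DIR_RE = re.compile(
    rf"^%(?:appdata|localappdata|userprofile|programdata|temp)%\\.*\*\.(?:{_EXT})$",
    re.IGNORECASE,
)

# Sample text assembled for this example from rules quoted in the thread.
# The first two entries are deliberately fused on one line.
SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
"""


def extract_rules(text):
    """Return every restricted path pattern found in the FRST text, in order."""
    return [rule.strip() for rule in RULE_RE.findall(text)]


def classify(rule):
    """Label a rule by its shape only; the shape does not say who created it."""
    if DOUBLE_EXT_RE.match(rule):
        return "double-extension"
    if DATA_DIR_RE.match(rule):
        return "exec-in-data-dir"
    # Anything else (a named binary, a specific folder) is read by hand.
    return "review"


def triage(text):
    """Group the rules in a log by category."""
    groups = defaultdict(list)
    for rule in extract_rules(text):
        groups[classify(rule)].append(rule)
    return dict(groups)


if __name__ == "__main__":
    for category, rules in triage(SAMPLE_LOG).items():
        print(f"{category} ({len(rules)})")
        for rule in rules:
            print(f"    {rule}")
```

Grouping only narrows what has to be read by hand; whether a given rule came from a hardening tool or from malware still has to be checked against what is installed on the machine.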
Purrington Posted July 6, 2015 Author ID:974613

Crypto Prevent has been on my laptop for some time. I do not recall establishing any protection level on Crypto Prevent. What should I do? Thank you.

kevinf80 Posted July 6, 2015 ID:974619

Cryptoprevent has 5 settings available from none through to maximum, I attach an image for reference, can you open the program and check what setting you have?

The two top end settings can have a negative effect on your system...

Purrington Posted July 7, 2015 Author ID:974652

The Crypto Prevent on my laptop is set at "Default" Set it and Forget it Protection. Thank you

kevinf80 Posted July 7, 2015 ID:974713

Ok thanks for the update. I want you to run FRST again, this time we can ignore all group policy restrictions on software, see what happens when the new fix is run (if required)...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the two logs....

Thank you,
Kevin....

Purrington Posted July 7, 2015 Author ID:974744

Kevin: When I ran FRST the FRST.txt is cut off. This is the same issue we had previously. Here is all that came up:

LastRegBack: 2015-07-04 19:54
==================== End of log ============================

FRST.txt
Addition.txt

Purrington Posted July 7, 2015 Author ID:974810

Kevin: I just tried running FRST again in hopes the FRST.txt would come up in a full format but sadly it did not. FRST.txt and Addition.txt are attached. Thank you

FRST.txt
Addition.txt

kevinf80 Posted July 7, 2015 ID:974826

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the two logs....

Purrington Posted July 7, 2015 Author ID:974835

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
*.wma*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.com <====== ATTENTIONHKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: cipher.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.pif <====== 
ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.7z*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTIONHKLM Group Policy restriction on software: ** <====== ATTENTIONHKLM Group Policy restriction on software: lsassw86s.exe <====== 
ATTENTIONHKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTIONHKLM Group Policy restriction on software: 
*.xlsx*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.com <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.docx*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTIONHKLM Group Policy restriction on software: syskey.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTIONHKLM Group 
Policy restriction on software: *.ppt*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.rar*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.com <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.zip*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTIONHKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTIONHKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTIONHKLM Group Policy restriction on software: 
%userprofile%\AppData\*.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.png*.scr <====== ATTENTIONHKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTIONHKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTIONHKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTIONHKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTIONHKLM Group Policy restriction on software: *.gif*.com <====== ATTENTIONWinlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-07-04]ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-06] (Avast Software s.r.o.)ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> 
{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No FileShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No FileShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No FileShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No FileBootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.comHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-06] (Avast Software s.r.o.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-06] (Avast Software s.r.o.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not foundWinsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not foundWinsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & 'Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & 'Hosts: 127.0.0.1 localhostTcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{2DB07389-E2D8-435C-8610-A2B4A482E18C}: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2014-07-14] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> 
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No FileFF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll 
[2015-05-16] (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-04] Chrome: =======CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-04]CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]CHR Extension: (Google Cast) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-27]CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-05-05]CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]CHR Extension: (Google Finance) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-29]CHR Extension: (Click&Clean) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-29]CHR Extension: (AdBlock) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-05]CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-06]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-29]CHR Extension: 
(Dropbox) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-29]CHR Extension: (My Shareaholic) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagnaolanjedhkeiamdeidabdmdcofjl [2015-05-29]CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-07-07]CHR Extension: (Shareaholic for Pinterest) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2015-07-05]CHR Extension: (Blogger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-05-29]CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-28]CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-07-05]CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]CHR Extension: (Click&Clean App) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-29]CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]CHR Extension: (Facebook Translate) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2015-05-05]CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-31]CHR 
HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-06] (Avast Software s.r.o.)R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-06] (Avast Software)S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-05] (SurfRight B.V.)R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)R2 SamSs; 
C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-06] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-06] ()
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-04] (Emsisoft GmbH)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-07] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-06] (Avast Software)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:09 - 2015-07-07 17:09 - 00035617 _____ C:\Users\Lewis\Desktop\FRST.txt
2015-07-07 17:08 - 2015-07-07 17:08 - 02112512 _____ (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2015-07-07 14:48 - 2015-07-07 14:48 - 00000526 ____C C:\ProgramData\SMRResults501.dat
2015-07-07 13:26 - 2015-07-07 13:26 - 00107777 _____ C:\Users\Lewis\Desktop\Engraved in the gold protective cover beneath it are the words Fräulein Emma Rauschenbach de Dr. C. G. Jung, 16. Februar 1903.bmp
2015-07-07 11:00 - 2015-07-07 11:00 - 00000000 ___DC C:\ProgramData\F-Secure
2015-07-07 06:02 - 2015-07-07 06:02 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-07-07 06:02 - 2015-07-07 06:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-07-07 05:46 - 2015-07-07 05:46 - 00000085 _____ C:\windows\wininit.ini
2015-07-06 23:58 - 2015-07-06 23:27 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150706-235810.backup
2015-07-06 23:34 - 2015-07-06 23:34 - 00003246 _____ C:\windows\System32\Tasks\Trojan Killer
2015-07-06 23:34 - 2015-07-06 23:34 - 00000000 ___DC C:\ProgramData\GridinSoft
2015-07-06 23:30 - 2015-07-06 23:30 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys
2015-07-06 23:30 - 2015-07-06 23:30 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-06 23:30 - 2015-07-06 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-06 23:30 - 2015-07-06 23:29 - 00272248 _____ C:\windows\system32\Drivers\aswVmm.sys
2015-07-06 23:30 - 2015-07-06 23:29 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys
2015-07-06 23:29 - 2015-07-06 23:29 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys
2015-07-06 23:29 - 2015-07-06 23:29 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe
2015-07-06 23:29 - 2015-07-06 23:29 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys
2015-07-06 23:29 - 2015-07-06 23:29 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys
2015-07-06 23:29 - 2015-07-06 23:29 - 00065736 _____ C:\windows\system32\Drivers\aswRvrt.sys
2015-07-06 23:29 - 2015-07-06 23:29 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr
2015-07-06 23:29 - 2015-07-06 23:29 - 00029168 _____ C:\windows\system32\Drivers\aswHwid.sys
2015-07-06 23:17 - 2015-07-06 23:18 - 18041416 _____ C:\Users\Lewis\Desktop\RogueKiller.exe
2015-07-06 23:12 - 2015-07-06 23:12 - 00053248 _____ C:\windows\SysWOW64\zlib.dll
2015-07-06 19:35 - 2015-06-19 09:17 - 00001973 _____ C:\Users\Lewis\Documents\BookSmart.lnk
2015-07-06 18:49 - 2015-07-06 18:57 - 02244096 _____ C:\Users\Lewis\Desktop\AdwCleaner (1).exe
2015-07-06 18:02 - 2015-07-06 18:02 - 00003146 _____ C:\windows\System32\Tasks\{95E82B63-DD89-4C64-9FF9-BEB2D94AA298}
2015-07-06 17:10 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-07-06 16:19 - 2015-07-06 16:46 - 02494944 _____ (Trend Micro Inc.) C:\Users\Lewis\Desktop\HousecallLauncher64.exe
2015-07-06 15:43 - 2015-07-06 16:01 - 03088296 _____ (Symantec Corporation) C:\Users\Lewis\Desktop\NPE.exe
2015-07-06 15:28 - 2015-07-06 15:28 - 00021622 ____C C:\ComboFix.txt
2015-07-06 14:50 - 2015-07-06 14:50 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-07-06 10:03 - 2015-07-07 14:30 - 00000000 ___DC C:\NPE
2015-07-06 10:01 - 2015-07-07 14:41 - 00000000 ____D C:\Users\Lewis\AppData\Local\NPE
2015-07-06 10:01 - 2015-07-06 16:01 - 00000000 ___DC C:\ProgramData\Norton
2015-07-05 20:48 - 2015-07-06 14:58 - 00000745 _____ C:\Users\Lewis\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-05 20:48 - 2015-07-05 21:05 - 52822240 _____ (Microsoft Corporation) C:\Users\Lewis\Desktop\Windows-KB890830-x64-V5.25.exe
2015-07-05 06:41 - 2015-07-05 14:47 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-07-05 04:31 - 2015-07-06 19:21 - 00000000 ___DC C:\TDSSKiller_Quarantine
2015-07-04 17:45 - 2015-07-04 17:45 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\AVAST Software
2015-07-04 16:29 - 2015-07-04 16:34 - 05481344 _____ (Avast Software s.r.o.) 
C:\Users\Lewis\Downloads\avast_free_antivirus_setup_online_softonic (1).exe2015-07-04 16:03 - 2015-07-04 16:03 - 00000000 ___DC C:\Program Files\AVAST Software2015-07-04 15:46 - 2015-07-04 15:46 - 00347816 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.135946980356890.2.1.Run.exe2015-07-04 15:35 - 2015-07-07 14:48 - 00001176 _____ C:\windows\setupact.log2015-07-04 15:35 - 2015-07-07 07:12 - 00007664 _____ C:\windows\PFRO.log2015-07-04 15:35 - 2015-07-04 15:35 - 00000000 _____ C:\windows\setuperr.log2015-07-04 15:33 - 2015-07-06 22:53 - 00000000 ___DC C:\EEK2015-07-04 15:33 - 2015-07-04 00:14 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys2015-07-04 14:57 - 2015-07-05 14:47 - 00000000 ___DC C:\ProgramData\MFAData2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\MFAData2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\Avg20152015-07-04 14:52 - 2015-07-04 15:33 - 159491248 _____ C:\Users\Lewis\Downloads\EmsisoftEmergencyKit.exe2015-07-04 14:45 - 2015-07-06 14:21 - 00000000 ____D C:\Users\Lewis\Downloads\ccsetup5052015-07-04 14:42 - 2015-07-04 14:44 - 06433386 _____ C:\Users\Lewis\Downloads\ccsetup505.zip2015-07-04 14:41 - 2015-07-06 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2015-07-04 14:41 - 2015-07-06 14:20 - 00000000 ___DC C:\Program Files (x86)\ERUNT2015-07-04 14:40 - 2015-07-04 14:40 - 00791393 _____ (Lars Hederer ) C:\Users\Lewis\Downloads\erunt-setup.exe2015-07-04 14:13 - 2015-07-05 20:38 - 00000000 ___DC C:\Program Files\HitmanPro2015-07-04 14:13 - 2015-07-05 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2015-07-04 14:12 - 2015-07-06 14:50 - 00000000 ___DC C:\ProgramData\HitmanPro2015-07-04 13:55 - 2015-07-04 14:26 - 11032736 _____ (SurfRight B.V.) 
C:\Users\Lewis\Downloads\HitmanPro_x64.exe2015-07-04 13:12 - 2015-07-04 13:19 - 14243008 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\mseinstall.exe2015-07-04 13:10 - 2015-07-06 23:50 - 00000000 ___DC C:\ProgramData\Sophos2015-07-04 12:20 - 2015-07-04 12:19 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122041.backup2015-07-04 11:08 - 2015-06-21 13:32 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150704-110847.backup2015-07-04 11:07 - 2015-07-04 11:07 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job2015-07-04 11:07 - 2015-07-04 11:07 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job2015-07-04 11:07 - 2015-07-04 11:07 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job2015-07-04 11:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe2015-07-04 10:50 - 2015-07-04 11:06 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Lewis\Downloads\spybot-2-4.exe2015-06-20 08:27 - 2015-06-20 08:27 - 00000574 _____ C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job2015-06-19 18:39 - 2015-06-19 18:39 - 00106521 _____ C:\Users\Lewis\Downloads\carljungdepthpsychology-wordpress-com-2015-06-19-22_38_09-gxtxrwiq4xt7baeujswmik1txwa1rjh4.zip2015-06-19 09:17 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart2015-06-19 06:34 - 2015-06-21 16:57 - 00000000 ____D C:\Users\Lewis\.blurb2015-06-19 06:34 - 2015-06-19 06:35 - 00000000 ____D C:\Users\Lewis\Documents\BookSmartData2015-06-19 06:33 - 2015-06-19 09:17 - 00000000 ___DC C:\Program Files (x86)\BookSmart2015-06-14 12:41 - 2015-06-14 12:41 - 00417064 _____ () C:\Users\Lewis\Downloads\DellSystemDetect.exe2015-06-12 16:58 - 2015-07-07 07:03 - 00780878 _____ C:\windows\SysWOW64\PerfStringBackup.INI2015-06-12 16:14 - 2015-06-12 16:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lewis\Downloads\rkill64.exe2015-06-10 15:50 - 2015-06-10 15:50 - 00000194 _____ C:\Users\Lewis\Downloads\hosts-perm.bat2015-06-10 05:05 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-06-10 05:05 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys2015-06-10 05:05 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys2015-06-10 05:05 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2015-06-10 05:05 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll2015-06-10 05:05 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll2015-06-10 05:05 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll2015-06-10 05:05 - 2015-05-25 
14:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll2015-06-10 05:05 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll2015-06-10 05:05 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) 
C:\windows\system32\advapi32.dll2015-06-10 05:05 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll2015-06-10 05:05 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe2015-06-10 05:05 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2015-06-10 05:05 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe2015-06-10 05:05 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2015-06-10 05:05 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2015-06-10 05:05 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2015-06-10 05:05 - 2015-05-25 
14:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2015-06-10 05:05 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll2015-06-10 05:05 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe2015-06-10 05:05 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe2015-06-10 05:05 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll2015-06-10 05:05 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\KernelBase.dll2015-06-10 05:05 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2015-06-10 05:05 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll2015-06-10 05:05 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2015-06-10 05:05 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll2015-06-10 05:05 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2015-06-10 05:05 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll2015-06-10 05:04 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll2015-06-10 05:04 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 
____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H 
(Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll2015-06-10 05:04 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 
13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 
00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll2015-06-10 05:04 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe2015-06-10 05:04 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe2015-06-10 05:04 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-06-10 05:04 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-06-10 05:03 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2015-06-10 05:03 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2015-06-10 05:03 - 2015-05-27 10:35 - 24917504 
_____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-06-10 05:03 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-06-10 05:03 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-06-10 05:03 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2015-06-10 05:03 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-06-10 05:03 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2015-06-10 05:03 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2015-06-10 05:03 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-06-10 05:03 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2015-06-10 05:03 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-06-10 05:03 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2015-06-10 05:03 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2015-06-10 05:03 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-06-10 05:03 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-06-10 05:03 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2015-06-10 05:03 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2015-06-10 05:03 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2015-06-10 05:03 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2015-06-10 05:03 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\msrating.dll2015-06-10 05:03 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2015-06-10 05:03 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-06-10 05:03 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2015-06-10 05:03 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-06-10 05:03 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2015-06-10 05:03 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2015-06-10 05:03 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-06-10 05:03 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-06-10 05:03 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-06-10 05:03 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-06-10 05:03 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2015-06-10 05:03 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2015-06-10 05:03 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2015-06-10 05:03 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-06-10 05:03 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-06-10 05:03 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-06-10 05:03 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2015-06-10 05:03 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) 
C:\windows\system32\MshtmlDac.dll2015-06-10 05:03 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2015-06-10 05:03 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-06-10 05:03 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2015-06-10 05:03 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-06-10 05:03 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-06-10 05:03 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2015-06-10 05:03 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2015-06-10 05:03 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2015-06-10 05:03 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2015-06-10 05:03 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2015-06-10 05:03 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2015-06-10 05:03 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2015-06-10 05:03 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2015-06-10 05:03 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2015-06-10 05:03 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2015-06-10 05:03 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-06-10 05:03 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-06-10 05:03 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) 
C:\windows\system32\mshtmlmedia.dll
2015-06-10 05:03 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 05:03 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 05:03 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 05:03 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 05:03 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 05:03 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-06-09 05:56 - 2015-06-09 05:56 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-06-09 05:55 - 2015-06-09 05:55 - 00931408 _____ (Google Inc.) C:\Users\Lewis\Downloads\chromecastinstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:09 - 2015-04-07 12:23 - 00000000 ___DC C:\FRST
2015-07-07 17:09 - 2013-10-04 05:48 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files
2015-07-07 16:59 - 2014-02-11 18:38 - 01563634 _____ C:\windows\WindowsUpdate.log
2015-07-07 16:55 - 2015-01-16 14:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job
2015-07-07 16:34 - 2014-03-11 17:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-07 15:42 - 2012-03-08 18:52 - 00000000 ____D C:\Users\Lewis\Documents\OneNote Notebooks
2015-07-07 14:58 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-07 14:58 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-07 14:53 - 2015-05-26 06:30 - 00780814 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-07 14:50 - 2015-02-17 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-07 14:48 - 2014-03-11 17:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 14:48 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-07 12:33 - 2014-10-05 04:11 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-07 10:35 - 2014-03-08 19:29 - 00000000 ___RD C:\Users\Lewis\Google Drive
2015-07-07 09:55 - 2015-01-16 14:37 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job
2015-07-07 09:48 - 2014-07-08 10:34 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-07-07 09:47 - 2014-12-17 08:02 - 00000000 ___DC C:\AdwCleaner
2015-07-07 07:15 - 2012-03-02 16:57 - 00109296 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-07 07:12 - 2009-07-14 00:45 - 00412120 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-07 07:09 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini
2015-07-07 06:09 - 2015-06-06 05:47 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-07 06:06 - 2009-07-13 22:34 - 00450653 _____ C:\windows\system32\Drivers\etc\hosts_bak_50
2015-07-07 06:02 - 2015-06-06 05:47 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-07-07 05:44 - 2009-07-13 22:34 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts.20150707-060600.backup
2015-07-06 23:58 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150707-045707.backup
2015-07-06 23:41 - 2013-08-24 10:05 - 01042259 _____ C:\Users\Lewis\AppData\Local\census.cache
2015-07-06 23:41 - 2013-08-24 10:04 - 00068817 _____ C:\Users\Lewis\AppData\Local\ars.cache
2015-07-06 23:35 - 2014-11-13 08:32 - 00000010 _____ C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache
2015-07-06 23:12 - 2014-12-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-07-06 17:17 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp
2015-07-06 16:23 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.0
2015-07-06 15:28 - 2015-03-26 19:10 - 00000000 ___DC C:\Qoobox
2015-07-06 15:24 - 2009-07-13 22:34 - 00000215 ____C C:\windows\system.ini
2015-07-06 14:22 - 2012-03-02 16:56 - 00000000 ____D C:\Users\Lewis
2015-07-06 14:22 - 2009-07-14 01:08 - 00032592 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-07-06 14:21 - 2015-04-04 07:58 - 00000000 ___SD C:\windows\system32\GWX
2015-07-06 14:21 - 2015-03-28 06:48 - 00000000 ___DC C:\VIPRERESCUE
2015-07-06 14:21 - 2014-11-16 11:54 - 00000000 ____D C:\windows\SysWOW64\vbox
2015-07-06 14:21 - 2014-11-16 11:54 - 00000000 ____D C:\windows\system32\vbox
2015-07-06 14:21 - 2014-01-15 13:42 - 00000000 ___DC C:\ProgramData\Licenses
2015-07-06 14:21 - 2014-01-14 08:54 - 00000000 ____D C:\windows\erdnt
2015-07-06 14:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2015-07-06 14:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2015-07-06 14:19 - 2014-12-22 06:46 - 00000000 ___DC C:\RegBackup
2015-07-05 14:47 - 2015-03-29 15:59 - 00000000 ___DC C:\ProgramData\RogueKiller
2015-07-05 14:47 - 2015-03-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-05 14:47 - 2015-02-17 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 14:47 - 2014-12-22 06:02 - 00000000 ____D C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio
2015-07-05 14:47 - 2014-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-05 14:47 - 2012-12-08 18:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 13:04 - 2015-01-18 19:28 - 00000000 ___DC C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-05 06:34 - 2014-12-25 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-07-05 06:34 - 2014-01-10 02:43 - 00000000 ___DC C:\ProgramData\InstallMate
2015-07-04 16:01 - 2014-11-16 08:35 - 00000000 ___DC C:\ProgramData\AVAST Software
2015-07-04 15:59 - 2013-12-05 06:47 - 00002201 _____ C:\windows\epplauncher.mif
2015-07-04 12:20 - 2009-07-13 22:34 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122500.backup
2015-07-04 12:04 - 2014-01-28 18:50 - 00000000 ___DC C:\Program Files (x86)\SpywareBlaster
2015-07-04 11:08 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150704-121944.backup
2015-07-04 08:51 - 2014-12-23 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-04 08:46 - 2012-03-11 16:47 - 00000000 ____D C:\windows\pss
2015-07-04 08:43 - 2013-06-23 17:50 - 00000000 ___DC C:\Program Files (x86)\QuickTime
2015-07-04 08:42 - 2012-03-02 17:48 - 00000000 __RDC C:\MSOCache
2015-06-28 02:33 - 2013-05-22 14:51 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apple Computer
2015-06-23 13:30 - 2010-11-20 23:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-06-22 15:29 - 2013-12-27 13:59 - 00000000 ____D C:\Users\Lewis\Documents\Retirement
2015-06-20 06:09 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_688
2015-06-17 12:28 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_54
2015-06-14 12:41 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Deployment
2015-06-12 16:22 - 2009-07-13 22:34 - 00000747 _____ C:\windows\system32\Drivers\etc\hosts_bak_258
2015-06-11 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser
2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT

==================== Files in the root of some directories =======

2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-08-24 10:04 - 2015-07-06 23:41 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache
2013-08-24 10:05 - 2015-07-06 23:41 - 1042259 _____ () C:\Users\Lewis\AppData\Local\census.cache
2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache
2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg
2014-11-13 08:32 - 2015-07-06 23:35 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache
2012-03-03 18:02 - 2015-06-06 06:00 - 1809566 ____C () C:\ProgramData\dlea.log
2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C () C:\ProgramData\dleaJSW.log
2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log
2015-07-07 14:48 - 2015-07-07 14:48 - 0000526 ____C () C:\ProgramData\SMRResults501.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat

Some files in TEMP:
====================
C:\Users\Lewis\AppData\Local\Temp\dllnt_dump.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\CISVC.EXE
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-04 19:54

==================== End of log ============================
kevinf80 Posted July 7, 2015 ID:974853

Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop
Ensure to get the correct version for your system....
32 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:
notepad c:\windows\debug\mrt.log

Post those logs, also give an update on any remaining issues or concerns...

Thanks,
Kevin..
Purrington Posted July 8, 2015 Author ID:974898

Kevin: Before I proceed could you tell me what, if anything, I should do differently if after running the FRST fix and rebooting I again lose my internet connection? Should I do a System Restore again and if so should I still run the JRT and Malicious Software Removal Tool? Thank you
kevinf80 Posted July 8, 2015 ID:974942

I'm not expecting the internet connection to be lost, I have left out the group policy entries which are known to be related to CryptoPrevent and not malware/infection. I've also left out the suspicious winsock entries as they are inert and of no concern.... If the unexpected does happen, yes please use SR and yes still run JRT....

Cheers,
Kevin...
Purrington Posted July 8, 2015 Author ID:974946

Kevin: I am sorry but when you write "Download attached fixlist.txt file (end of reply)" I do not see "fixlist.txt" at the end of your reply yesterday at 6:13 p.m. Could you kindly reattach it on your next reply? Thank you.
kevinf80 Posted July 8, 2015 ID:974956

mmm, not sure where that went. Is attached now...
Fixlist.txt
Purrington Posted July 8, 2015 Author ID:974974

Kevin:
1. After running the FRST "Fix" and rebooting my connection to the internet was once again lost.
2. I have attempted System Restore twice and each time System Restore has failed. Should I continue to attempt System Restore?
Below find the Fixlog.txt.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Lewis at 2015-07-08 08:54:55 Run:3
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
C:\ProgramData\SMRResults501.dat
C:\Users\Lewis\AppData\Local\Temp\dllnt_dump.dll
C:\Windows\SysWOW64\CISVC.EXE
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
Task: {3C0722CC-91F2-4A85-810C-700C5DF6B983} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
Emptytemp:
End
*****************

CISVC => Service removed successfully
EFS => Service removed successfully
KeyIso => Unable to stop service.
KeyIso => Service removed successfully
Netlogon => Service removed successfully
ProtectedStorage => Service stopped successfully.
ProtectedStorage => Service removed successfully
SamSs => Unable to stop service.
SamSs => Service removed successfully
Spooler => Service stopped successfully.
Spooler => Service removed successfully
VaultSvc => Service removed successfully
cleanhlp => Service removed successfully
MpFilter => Service removed successfully
NisDrv => Service removed successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service removed successfully
C:\ProgramData\SMRResults501.dat => moved successfully.
C:\Users\Lewis\AppData\Local\Temp\dllnt_dump.dll => moved successfully.
C:\Windows\SysWOW64\CISVC.EXE => moved successfully.
C:\Windows\SysWOW64\conhost.exe => moved successfully.
C:\Windows\SysWOW64\csrss.exe => moved successfully.
C:\Windows\SysWOW64\dwm.exe => moved successfully.
C:\Windows\SysWOW64\lsass.exe => moved successfully.
C:\Windows\SysWOW64\lsm.exe => moved successfully.
C:\Windows\SysWOW64\services.exe => moved successfully.
C:\Windows\SysWOW64\smss.exe => moved successfully.
C:\Windows\SysWOW64\spoolsv.exe => moved successfully.
C:\Windows\SysWOW64\taskhost.exe => moved successfully.
C:\Windows\SysWOW64\winlogon.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C0722CC-91F2-4A85-810C-700C5DF6B983}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C0722CC-91F2-4A85-810C-700C5DF6B983}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D740BBA7-9FB5-4E18-B4B1-BFD5B2E50593}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
EmptyTemp: => 841.9 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 08:55:36 ====
kevinf80 Posted July 8, 2015 ID:974995

I fail to see why the connection was lost, there are no entries in the log to make that happen; is very odd for sure... I assume you have connection via another PC as you have made a reply... Leave system restore for now, let's see if you can d/l and transfer the following to sick PC, run and transfer logs and upload here....

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Next,

Please download MiniToolBox from here: http://www.bleepingcomputer.com/download/minitoolbox/dl/65/ Transfer to sick PC save to desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Thank you,
Kevin....
Purrington Posted July 8, 2015 Author ID:974996

Kevin: I did not use another PC to send you my last reply. When I rebooted the message came up that the System Restore had failed but for reasons unknown to me I was then connected to the internet.

Farbar Service Scanner Version: 17-01-2015
Ran by Lewis (administrator) on 08-07-2015 at 11:12:58
Running from "C:\Users\Lewis\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

MiniToolBox by Farbar Version: 01-07-2015
Ran by Lewis (administrator) on 08-07-2015 at 11:16:38
Running from "C:\Users\Lewis\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Model: Inspiron N5110 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Lewis-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 4C-80-93-7B-CB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 4C-80-93-7B-CB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : 4C-80-93-7B-CB-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f10f:327f:4052:a174%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 08, 2015 10:33:55 AM
Lease Expires . . . . . . . . . . : Thursday, July 09, 2015 10:33:56 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239894675
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-96-E9-A4-24-B6-FD-02-5B-27
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 24-B6-FD-02-5B-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 4C-80-93-7B-CB-3A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2DB07389-E2D8-435C-8610-A2B4A482E18C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses:
  2607:f8b0:4006:80c::1003
  173.194.123.64
  173.194.123.73
  173.194.123.68
  173.194.123.66
  173.194.123.71
  173.194.123.69
  173.194.123.67
  173.194.123.72
  173.194.123.70
  173.194.123.65
  173.194.123.78

Pinging google.com [173.194.123.64] with 32 bytes of data:
Reply from 173.194.123.64: bytes=32 time=53ms TTL=54
Reply from 173.194.123.64: bytes=32 time=108ms TTL=54

Ping statistics for 173.194.123.64:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 108ms, Average = 80ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses:
  2001:4998:58:c02::a9
  2001:4998:44:204::a7
  2001:4998:c:a06::2:4008
  206.190.36.45
  98.139.183.24
  98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=118ms TTL=49
Reply from 206.190.36.45: bytes=32 time=109ms TTL=49

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 109ms, Maximum = 118ms, Average = 113ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...4c 80 93 7b cb 37 ......Microsoft Virtual WiFi Miniport Adapter #2
 15...4c 80 93 7b cb 37 ......Microsoft Virtual WiFi Miniport Adapter
 14...4c 80 93 7b cb 36 ......Intel® Centrino® Wireless-N 1030
 13...24 b6 fd 02 5b 27 ......Realtek PCIe FE Family Controller
 12...4c 80 93 7b cb 3a ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14    281 fe80::/64                On-link
 14    281 fe80::f10f:327f:4052:a174/128 On-link
  1    306 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [] ()
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [] ()
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [File Not found] ()
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [File Not found] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2015 09:23:31 AM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0x80070005.

Error: (07/08/2015 09:12:20 AM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Norton_Power_Eraser_20150707144022793). Additional information: 0xc0000022.

Error: (07/08/2015 09:11:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.6.0.0, time stamp: 0x5115a519
Faulting module name: MurocApi.dll, version: 15.6.0.0, time stamp: 0x5115a44c
Exception code: 0xc0000005
Fault offset: 0x0000000000026990
Faulting process id: 0xbb4
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3

Error: (07/07/2015 07:15:26 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/07/2015 07:14:38 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/06/2015 04:45:24 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (07/06/2015 04:45:24 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (07/06/2015 04:45:24 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (07/06/2015 04:45:24 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (07/06/2015 04:31:32 PM) (Source: MsiInstaller) (User: Lewis-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

System errors:
=============
Error: (07/08/2015 10:44:57 AM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/08/2015 10:16:17 AM) (Source: Service Control Manager) (User: )
Description: MpFilter

Error: (07/08/2015 10:15:30 AM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053

Error: (07/08/2015 10:15:30 AM) (Source: Service Control Manager) (User: )
Description: 30000Spybot-S&D 2 Scanner Service

Error: (07/08/2015 10:14:59 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Network Inspection SystemMicrosoft Malware Protection Driver%%31

Error: (07/08/2015 10:14:36 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Error: (07/08/2015 10:07:23 AM) (Source: Service Control Manager) (User: )
Description: 30000wbengine

Error: (07/08/2015 10:01:47 AM) (Source: Service Control Manager) (User: )
Description: MpFilter

Error: (07/08/2015 10:01:06 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Network Inspection SystemMicrosoft Malware Protection Driver%%31

Error: (07/08/2015 10:01:03 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Microsoft Office Sessions:
=========================
Error: (07/08/2015 09:23:31 AM) (Source: System Restore)(User: )
Description: Restore Operation0x80070005

Error: (07/08/2015 09:12:20 AM) (Source: System Restore)(User: )
Description: Norton_Power_Eraser_201507071440227930xc0000022

Error: (07/08/2015 09:11:56 AM) (Source: Application Error)(User: )
Description: ZeroConfigService.exe15.6.0.05115a519MurocApi.dll15.6.0.05115a44cc00000050000000000026990bb401d0b97f9e42c368C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dlle8591b56-2572-11e5-9fb8-4c80937bcb3a

Error: (07/07/2015 07:15:26 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/07/2015 07:14:38 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown Error: (07/06/2015 04:45:24 PM) (Source: Outlook)(User: )Description: 0x8007043c Error: (07/06/2015 04:45:24 PM) (Source: Outlook)(User: )Description: 0x8007043c Error: (07/06/2015 04:45:24 PM) (Source: Outlook)(User: )Description: 0x8007043c Error: (07/06/2015 04:45:24 PM) (Source: Outlook)(User: )Description: 0x8007043c Error: (07/06/2015 04:31:32 PM) (Source: MsiInstaller)(User: Lewis-PC)Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)(NULL)(NULL) ========================= Devices: ================================ Name: TrueSightDescription: TrueSightClass Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}Manufacturer: Service: TrueSightDevice ID: ROOT\LEGACY_TRUESIGHT\0000Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved. ========================= Memory info: =================================== Percentage of memory in use: 60%Total physical RAM: 6051.18 MBAvailable physical RAM: 2376.43 MBTotal Virtual: 12100.57 MBAvailable Virtual: 9212.64 MB ========================= Partitions: ===================================== 1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:311.98 GB) NTFS ========================= Users: ======================================== User accounts for \\LEWIS-PC Administrator Guest Lewis ========================= Minidump Files ================================== No minidump file found ========================= Restore Points ================================== 28-05-2015 18:12:20 Installed Microsoft Fix it 5004329-05-2015 14:41:48 Restore Operation29-05-2015 14:50:51 avast! 
antivirus system restore point29-05-2015 15:38:27 Restore Operation29-05-2015 15:47:47 avast! antivirus system restore point29-05-2015 18:55:29 Installed AppNHost 1.0.5.131-05-2015 16:17:07 Removed AppNHost 1.0.5.131-05-2015 23:00:14 Windows Backup01-06-2015 14:51:47 Restore Operation01-06-2015 14:58:56 avast! antivirus system restore point06-06-2015 09:26:28 Installed Should I Remove It06-06-2015 11:56:52 Removed Should I Remove It07-06-2015 12:57:03 Installed AppNHost 1.0.5.107-06-2015 13:56:34 Removed AppNHost 1.0.5.108-06-2015 01:36:46 Windows Backup10-06-2015 09:07:18 Windows Update14-06-2015 23:00:28 Windows Backup22-06-2015 02:44:41 Windows Backup28-06-2015 06:30:11 Installed QuickTime 728-06-2015 11:29:27 Removed Apple Application Support28-06-2015 11:30:34 Removed Apple Software Update28-06-2015 11:31:17 Removed QuickTime 704-07-2015 12:49:00 avast! antivirus system restore point04-07-2015 12:57:52 Windows Backup04-07-2015 17:24:45 avast! antivirus system restore point04-07-2015 17:44:40 avast! antivirus system restore point04-07-2015 18:38:53 Checkpoint by HitmanPro04-07-2015 18:39:42 Checkpoint by HitmanPro04-07-2015 19:24:58 Windows Update04-07-2015 20:02:57 avast! antivirus system restore point04-07-2015 20:36:11 avast! antivirus system restore point05-07-2015 23:00:22 Windows Backup06-07-2015 00:34:02 Restore Operation06-07-2015 01:25:44 avast! antivirus system restore point06-07-2015 18:14:31 Restore Operation06-07-2015 18:50:12 Checkpoint by HitmanPro06-07-2015 20:11:21 Norton_Power_Eraser_2015070616110757007-07-2015 03:24:33 avast! antivirus system restore point07-07-2015 03:49:54 Removed Sophos Virus Removal Tool.07-07-2015 18:40:38 Norton_Power_Eraser_2015070714402279308-07-2015 13:05:43 Restore Operation08-07-2015 13:12:48 avast! antivirus system restore point08-07-2015 13:13:57 Restore Operation08-07-2015 13:49:43 avast! antivirus system restore point08-07-2015 14:02:30 avast! 
antivirus system restore point **** End of log **** Link to post Share on other sites More sharing options...
kevinf80 Posted July 8, 2015 ID:975032 So your connection is good, am pleased to hear that. The last log from FRST fix had no removed entries that would have killed the internet connection, is really odd why this anomaly continues to raise its ugly head.. Can you run JRT as per reply #42, post that log. Also give an update on any remaining issues or concerns.... Thank you, Kevin.....