Mobogenie Infections

Purrington · July 6, 2015

Kevin:

After running FRST fix and rebooting I could not connect to the internet.

I followed the instructions you gave me in an effort to avoid another System Restore but that failed and I had to conduct another System.

My laptop is moving extremely slow.

What next?

Fixlog.txt

kevinf80 · July 6, 2015

Ok lets try a different approach:

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Download Combofix from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

Ensure that Combofix is saved directly to the Desktop <--- Very important
Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Purrington · July 6, 2015

Here ya go:

ComboFix 15-07-05.01 - Lewis 07/06/2015 15:19:15.6.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4391 [GMT -4:00]

Running from: c:\users\Lewis\Desktop\ComboFix.exe

AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}

SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2015-06-06 to 2015-07-06 )))))))))))))))))))))))))))))))

.

2015-07-06 19:24 . 2015-07-06 19:24 -------- d-----w- c:\users\Public\AppData\Local\temp

2015-07-06 19:24 . 2015-07-06 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-07-06 18:50 . 2015-07-06 18:50 12872 ----a-w- c:\windows\system32\bootdelete.exe

2015-07-06 14:03 . 2015-07-06 14:03 -------- dc----w- C:\NPE

2015-07-06 14:01 . 2015-07-06 18:20 -------- dc----w- c:\programdata\Norton

2015-07-06 14:01 . 2015-07-06 14:31 -------- d-----w- c:\users\Lewis\AppData\Local\NPE

2015-07-05 10:41 . 2015-07-05 18:47 -------- dc----w- c:\program files (x86)\Malwarebytes Anti-Exploit

2015-07-05 08:31 . 2015-07-06 11:25 -------- dc----w- C:\TDSSKiller_Quarantine

2015-07-04 21:45 . 2015-07-04 21:45 -------- d-----w- c:\users\Lewis\AppData\Roaming\AVAST Software

2015-07-04 20:26 . 2015-07-04 20:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC90FCF3-8FBB-4062-B9AA-397D8F8055DE}\offreg.892.dll

2015-07-04 20:03 . 2015-07-04 20:03 -------- dc----w- c:\program files\AVAST Software

2015-07-04 19:33 . 2015-07-06 18:59 -------- dc----w- C:\EEK

2015-07-04 19:33 . 2015-07-04 04:14 135800 ----a-w- c:\windows\system32\drivers\epp64.sys

2015-07-04 19:25 . 2015-06-24 05:22 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC90FCF3-8FBB-4062-B9AA-397D8F8055DE}\mpengine.dll

2015-07-04 18:57 . 2015-07-05 18:47 -------- dc----w- c:\programdata\MFAData

2015-07-04 18:57 . 2015-07-04 18:57 -------- d-----w- c:\users\Lewis\AppData\Local\MFAData

2015-07-04 18:57 . 2015-07-04 18:57 -------- d-----w- c:\users\Lewis\AppData\Local\Avg2015

2015-07-04 18:41 . 2015-07-06 18:20 -------- dc----w- c:\program files (x86)\ERUNT

2015-07-04 18:13 . 2015-07-06 00:38 -------- dc----w- c:\program files\HitmanPro

2015-07-04 18:12 . 2015-07-06 18:50 -------- dc----w- c:\programdata\HitmanPro

2015-07-04 17:10 . 2015-07-05 18:43 -------- dc----w- c:\programdata\Sophos

2015-07-04 17:09 . 2015-07-05 18:47 -------- dc----w- c:\program files (x86)\Sophos

2015-07-04 15:07 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe

2015-06-21 17:04 . 2015-07-06 18:21 -------- d-----w- c:\windows\system32\CatRoot2

2015-06-19 10:34 . 2015-06-21 20:57 -------- d-----w- c:\users\Lewis\.blurb

2015-06-19 10:33 . 2015-06-19 13:17 -------- dc----w- c:\program files (x86)\BookSmart

2015-06-10 09:04 . 2015-05-25 17:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2015-06-10 09:03 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-07-06 18:52 . 2015-02-17 21:25 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-07-04 18:48 . 2014-07-08 14:34 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2015-06-04 08:44 . 2015-06-04 08:44 136408 ----a-w- c:\windows\system32\drivers\260B73AD.sys

2015-05-30 08:40 . 2015-05-30 08:40 136408 ----a-w- c:\windows\system32\drivers\53BB69DD.sys

2015-05-27 12:02 . 2015-05-27 08:59 136408 ----a-w- c:\windows\system32\drivers\45E50E56.sys

2015-05-27 04:04 . 2012-03-04 07:42 140135120 ----a-w- c:\windows\system32\MRT.exe

2015-05-25 18:01 . 2015-06-10 09:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2015-05-01 13:17 . 2015-05-13 09:47 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-05-01 13:16 . 2015-05-13 09:47 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2015-04-20 03:17 . 2015-05-13 09:40 1647104 ----a-w- c:\windows\system32\DWrite.dll

2015-04-20 03:17 . 2015-05-13 09:40 1179136 ----a-w- c:\windows\system32\FntCache.dll

2015-04-20 02:56 . 2015-05-13 09:40 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll

2015-04-18 03:10 . 2015-05-13 09:45 460800 ----a-w- c:\windows\system32\certcli.dll

2015-04-18 02:56 . 2015-05-13 09:45 342016 ----a-w- c:\windows\SysWow64\certcli.dll

2015-04-15 14:41 . 2014-05-18 00:00 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2015-04-14 13:37 . 2015-02-17 21:25 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2015-04-14 13:37 . 2015-02-17 21:25 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2015-04-14 13:37 . 2015-02-17 21:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2015-04-14 07:38 . 2015-04-14 07:38 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL

2015-04-13 03:28 . 2015-05-13 09:41 328704 ----a-w- c:\windows\system32\services.exe

2015-04-12 15:25 . 2015-04-12 15:25 129752 ----a-w- c:\windows\system32\drivers\08AE79E0.sys

2015-04-08 03:29 . 2015-05-13 09:37 275456 ----a-w- c:\windows\system32\InkEd.dll

2015-04-08 03:29 . 2015-05-13 09:37 24576 ----a-w- c:\windows\system32\jnwmon.dll

2015-04-08 03:14 . 2015-05-13 09:37 216064 ----a-w- c:\windows\SysWow64\InkEd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableSecureUIAPath"= 1 (0x1)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]

R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]

R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

R4 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]

R4 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleaserv.exe [x]

R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S1 epp64;epp64;c:\windows\system32\DRIVERS\epp64.sys;c:\windows\SYSNATIVE\DRIVERS\epp64.sys [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - OCGVTYIO

*Deregistered* - hitmanpro37

*Deregistered* - ocgvtyio

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-07-05 19:47 990024 -c--a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2015-07-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-07-04 15:52]

.

2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11 21:39]

.

2015-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-11 21:39]

.

2015-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job

- c:\users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-16 18:37]

.

2015-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job

- c:\users\Lewis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-16 18:37]

.

2015-07-04 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-07-04 14:41]

.

2015-07-04 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-07-04 14:42]

.

2012-03-11 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]

.

2015-06-20 c:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job

- c:\program files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11 00:54]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]

@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"

[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]

2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]

@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"

[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]

2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]

@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"

[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]

2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2015-05-19 19:22 774984 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2015-05-19 19:22 774984 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2015-05-19 19:22 774984 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2015-05-19 19:22 774984 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2015-05-19 19:22 774984 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mDefault_Search_URL = hxxp://go.microsoft.com

mDefault_Page_URL = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-SDWinLogon - SDWinLogon.dll

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)

ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)

ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)

ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)

AddRemove-76407d80-0c5b-4c0b-b224-36d0532264fa - c:\progra~3\INSTAL~2\{5F44F~1\Setup.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

Completion time: 2015-07-06 15:28:39

ComboFix-quarantined-files.txt 2015-07-06 19:28

ComboFix2.txt 2015-07-06 12:26

ComboFix3.txt 2015-07-04 22:16

ComboFix4.txt 2015-03-27 09:13

ComboFix5.txt 2015-07-06 19:18

.

Pre-Run: 334,556,839,936 bytes free

Post-Run: 334,635,433,984 bytes free

.

- - End Of File - - C52832A077455313207E3E7D979B8286

kevinf80 · July 6, 2015

Thanks for that log, run the following please:

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

Post that log, also give a list of any remaining issues or concerns.....

Thank you,

Kevin

Purrington · July 6, 2015

Results of screen317's Security Check version 1.004

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Spybot - Search and Destroy

(On Access scanning disabled!)

Error obtaining update status for antivirus!

`````````Anti-malware/Other Utilities Check:`````````

SpywareBlaster 5.0

Spybot - Search & Destroy

Secunia PSI (3.0.0.9016)

Java 8 Update 45

Adobe Reader XI

Google Chrome (43.0.2357.124)

Google Chrome (43.0.2357.130)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

Spybot Teatimer.exe is disabled!

Malwarebytes Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````

kevinf80 · July 6, 2015

What remaining issue/concerns do you have?

Purrington · July 6, 2015

Kevin:

My laptop is moving very slowly. It take a few minutes to open a this browser page to reply to this topic.

I just downloaded ADWCleaner. It took nearly 10 minutes to download.

When I ran it a few infections came up. [see screen shot]

I also just ran an Emisoft Scan and an infection showed up their as well.

I am also wondering if the issue with FRST fix has been repaired so it may be run without my losing my internet connection and having to run a system restore.

Any suggestions?

Thank you.

kevinf80 · July 6, 2015

I believe the main issue we saw in the FRST logs were multiple group policy issues such as the following example:

HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

There were many more than the example, there is malware that uses such restrictions for its own purpose. I`ve just checked back over your thread and see that you have cryptoprevent installed, that application also uses same policy restrictions. Do you recall which Protection level you used?

Purrington · July 6, 2015

Crypto Prevent has been on my laptop for some time.

I do not recall establishing any protection level on Crypto Prevent.

What should I do?

Thank you.

kevinf80 · July 6, 2015

Cryptoprevent has 5 settings available from none through to maximum, I attach an image for reference, can you open the program and check what setting you have.

The two top end settings can have a negative effect on your system...

Purrington · July 7, 2015

The Crypto Prevent on my laptop is set a "Default" Set it and Forget it Protection.

Thank you

kevinf80 · July 7, 2015

Ok thanks for the update. I want you to run FRST again, this time we can ignore all group policy restrictions on software, see what happens when the new fix is run (if required)...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....

Thank you,

Kevin....

Purrington · July 7, 2015

Kevin:

When I ran FRST the FRST.txt is cut off. This is the same issue we had previously.

Here is all that came up:

LastRegBack: 2015-07-04 19:54

==================== End of log ============================

FRST.txt

Addition.txt

Purrington · July 7, 2015

Kevin:

I just tried running FRST again in hopes the FRST.txt would come up in a full format but sadly it did not.

FRST.txt and Addition.txt are attached.

Thank you

FRST.txt

Addition.txt

kevinf80 · July 7, 2015

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....

Purrington · July 7, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015

Ran by Lewis (administrator) on LEWIS-PC on 07-07-2015 17:09:00

Running from C:\Users\Lewis\Desktop

Loaded Profiles: Lewis (Available Profiles: Lewis)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-06] (Avast Software s.r.o.)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION

HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION

HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION

HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-03]

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-07-04]

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-06] (Avast Software s.r.o.)

ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)

ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)

ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll [2011-11-04] (New IT Solutions Ltd)

ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File

ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File

ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File

ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-06] (Avast Software s.r.o.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-06] (Avast Software s.r.o.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '

Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not ' & $found1 & '

Hosts: 127.0.0.1 localhost

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{2DB07389-E2D8-435C-8610-A2B4A482E18C}: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2014-07-14] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1422163307-3788927115-2030255185-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lewis\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-04]

Chrome:

=======

CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]

CHR Extension: (WOT) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-04]

CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]

CHR Extension: (Google Cast) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-27]

CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-05-05]

CHR Extension: (Google Search) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]

CHR Extension: (Google Finance) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-29]

CHR Extension: (Click&Clean) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2015-03-29]

CHR Extension: (AdBlock) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-05]

CHR Extension: (Avast Online Security) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-06]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-29]

CHR Extension: (Dropbox) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-05-29]

CHR Extension: (My Shareaholic) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagnaolanjedhkeiamdeidabdmdcofjl [2015-05-29]

CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-07-07]

CHR Extension: (Shareaholic for Pinterest) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2015-07-05]

CHR Extension: (Blogger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-05-29]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-28]

CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-07-05]

CHR Extension: (Google Wallet) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]

CHR Extension: (Click&Clean App) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-29]

CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]

CHR Extension: (Facebook Translate) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\plofenifjagmdikfcobngnfmmnfmphin [2015-05-05]

CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lewis\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-31]

CHR HKU\S-1-5-21-1422163307-3788927115-2030255185-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-06] (Avast Software s.r.o.)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-06] (Avast Software)

S4 CISVC; C:\Windows\SysWOW64\CISVC.EXE [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

S4 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()

S4 dlea_device; C:\windows\system32\dleacoms.exe [1052328 2010-05-21] ( )

S4 dlea_device; C:\windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )

S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-05] (SurfRight B.V.)

R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

S2 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-08-24] () <==== ATTENTION (zero byte File/Folder)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-06] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-06] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-06] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-06] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-06] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-06] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-06] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-06] ()

R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-07-04] (Emsisoft GmbH)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)

S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)

S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-07] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-07] ()

U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-06] (Avast Software)

S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]

S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]

S2 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:09 - 2015-07-07 17:09 - 00035617 _____ C:\Users\Lewis\Desktop\FRST.txt

2015-07-07 17:08 - 2015-07-07 17:08 - 02112512 _____ (Farbar) C:\Users\Lewis\Desktop\FRST64.exe

2015-07-07 14:48 - 2015-07-07 14:48 - 00000526 ____C C:\ProgramData\SMRResults501.dat

2015-07-07 13:26 - 2015-07-07 13:26 - 00107777 _____ C:\Users\Lewis\Desktop\Engraved in the gold protective cover beneath it are the words Fräulein Emma Rauschenbach de Dr. C. G. Jung, 16. Februar 1903.bmp

2015-07-07 11:00 - 2015-07-07 11:00 - 00000000 ___DC C:\ProgramData\F-Secure

2015-07-07 06:02 - 2015-07-07 06:02 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2015-07-07 06:02 - 2015-07-07 06:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2015-07-07 05:46 - 2015-07-07 05:46 - 00000085 _____ C:\windows\wininit.ini

2015-07-06 23:58 - 2015-07-06 23:27 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150706-235810.backup

2015-07-06 23:34 - 2015-07-06 23:34 - 00003246 _____ C:\windows\System32\Tasks\Trojan Killer

2015-07-06 23:34 - 2015-07-06 23:34 - 00000000 ___DC C:\ProgramData\GridinSoft

2015-07-06 23:30 - 2015-07-06 23:30 - 00442264 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswsp.sys

2015-07-06 23:30 - 2015-07-06 23:30 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update

2015-07-06 23:30 - 2015-07-06 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-07-06 23:30 - 2015-07-06 23:29 - 00272248 _____ C:\windows\system32\Drivers\aswVmm.sys

2015-07-06 23:30 - 2015-07-06 23:29 - 00137288 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswStm.sys

2015-07-06 23:29 - 2015-07-06 23:29 - 01047320 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswSnx.sys

2015-07-06 23:29 - 2015-07-06 23:29 - 00364472 _____ (Avast Software s.r.o.) C:\windows\system32\aswBoot.exe

2015-07-06 23:29 - 2015-07-06 23:29 - 00093528 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswRdr2.sys

2015-07-06 23:29 - 2015-07-06 23:29 - 00089944 _____ (Avast Software s.r.o.) C:\windows\system32\Drivers\aswMonFlt.sys

2015-07-06 23:29 - 2015-07-06 23:29 - 00065736 _____ C:\windows\system32\Drivers\aswRvrt.sys

2015-07-06 23:29 - 2015-07-06 23:29 - 00043112 _____ (Avast Software s.r.o.) C:\windows\avastSS.scr

2015-07-06 23:29 - 2015-07-06 23:29 - 00029168 _____ C:\windows\system32\Drivers\aswHwid.sys

2015-07-06 23:17 - 2015-07-06 23:18 - 18041416 _____ C:\Users\Lewis\Desktop\RogueKiller.exe

2015-07-06 23:12 - 2015-07-06 23:12 - 00053248 _____ C:\windows\SysWOW64\zlib.dll

2015-07-06 19:35 - 2015-06-19 09:17 - 00001973 _____ C:\Users\Lewis\Documents\BookSmart.lnk

2015-07-06 18:49 - 2015-07-06 18:57 - 02244096 _____ C:\Users\Lewis\Desktop\AdwCleaner (1).exe

2015-07-06 18:02 - 2015-07-06 18:02 - 00003146 _____ C:\windows\System32\Tasks\{95E82B63-DD89-4C64-9FF9-BEB2D94AA298}

2015-07-06 17:10 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys

2015-07-06 16:19 - 2015-07-06 16:46 - 02494944 _____ (Trend Micro Inc.) C:\Users\Lewis\Desktop\HousecallLauncher64.exe

2015-07-06 15:43 - 2015-07-06 16:01 - 03088296 _____ (Symantec Corporation) C:\Users\Lewis\Desktop\NPE.exe

2015-07-06 15:28 - 2015-07-06 15:28 - 00021622 ____C C:\ComboFix.txt

2015-07-06 14:50 - 2015-07-06 14:50 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe

2015-07-06 10:03 - 2015-07-07 14:30 - 00000000 ___DC C:\NPE

2015-07-06 10:01 - 2015-07-07 14:41 - 00000000 ____D C:\Users\Lewis\AppData\Local\NPE

2015-07-06 10:01 - 2015-07-06 16:01 - 00000000 ___DC C:\ProgramData\Norton

2015-07-05 20:48 - 2015-07-06 14:58 - 00000745 _____ C:\Users\Lewis\Desktop\Start Emsisoft Emergency Kit.lnk

2015-07-05 20:48 - 2015-07-05 21:05 - 52822240 _____ (Microsoft Corporation) C:\Users\Lewis\Desktop\Windows-KB890830-x64-V5.25.exe

2015-07-05 06:41 - 2015-07-05 14:47 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Exploit

2015-07-05 04:31 - 2015-07-06 19:21 - 00000000 ___DC C:\TDSSKiller_Quarantine

2015-07-04 17:45 - 2015-07-04 17:45 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\AVAST Software

2015-07-04 16:29 - 2015-07-04 16:34 - 05481344 _____ (Avast Software s.r.o.) C:\Users\Lewis\Downloads\avast_free_antivirus_setup_online_softonic (1).exe

2015-07-04 16:03 - 2015-07-04 16:03 - 00000000 ___DC C:\Program Files\AVAST Software

2015-07-04 15:46 - 2015-07-04 15:46 - 00347816 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.135946980356890.2.1.Run.exe

2015-07-04 15:35 - 2015-07-07 14:48 - 00001176 _____ C:\windows\setupact.log

2015-07-04 15:35 - 2015-07-07 07:12 - 00007664 _____ C:\windows\PFRO.log

2015-07-04 15:35 - 2015-07-04 15:35 - 00000000 _____ C:\windows\setuperr.log

2015-07-04 15:33 - 2015-07-06 22:53 - 00000000 ___DC C:\EEK

2015-07-04 15:33 - 2015-07-04 00:14 - 00135800 _____ (Emsisoft GmbH) C:\windows\system32\Drivers\epp64.sys

2015-07-04 14:57 - 2015-07-05 14:47 - 00000000 ___DC C:\ProgramData\MFAData

2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\MFAData

2015-07-04 14:57 - 2015-07-04 14:57 - 00000000 ____D C:\Users\Lewis\AppData\Local\Avg2015

2015-07-04 14:52 - 2015-07-04 15:33 - 159491248 _____ C:\Users\Lewis\Downloads\EmsisoftEmergencyKit.exe

2015-07-04 14:45 - 2015-07-06 14:21 - 00000000 ____D C:\Users\Lewis\Downloads\ccsetup505

2015-07-04 14:42 - 2015-07-04 14:44 - 06433386 _____ C:\Users\Lewis\Downloads\ccsetup505.zip

2015-07-04 14:41 - 2015-07-06 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2015-07-04 14:41 - 2015-07-06 14:20 - 00000000 ___DC C:\Program Files (x86)\ERUNT

2015-07-04 14:40 - 2015-07-04 14:40 - 00791393 _____ (Lars Hederer ) C:\Users\Lewis\Downloads\erunt-setup.exe

2015-07-04 14:13 - 2015-07-05 20:38 - 00000000 ___DC C:\Program Files\HitmanPro

2015-07-04 14:13 - 2015-07-05 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2015-07-04 14:12 - 2015-07-06 14:50 - 00000000 ___DC C:\ProgramData\HitmanPro

2015-07-04 13:55 - 2015-07-04 14:26 - 11032736 _____ (SurfRight B.V.) C:\Users\Lewis\Downloads\HitmanPro_x64.exe

2015-07-04 13:12 - 2015-07-04 13:19 - 14243008 _____ (Microsoft Corporation) C:\Users\Lewis\Downloads\mseinstall.exe

2015-07-04 13:10 - 2015-07-06 23:50 - 00000000 ___DC C:\ProgramData\Sophos

2015-07-04 12:20 - 2015-07-04 12:19 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122041.backup

2015-07-04 11:08 - 2015-06-21 13:32 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts.20150704-110847.backup

2015-07-04 11:07 - 2015-07-04 11:07 - 00000656 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2015-07-04 11:07 - 2015-07-04 11:07 - 00000628 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2015-07-04 11:07 - 2015-07-04 11:07 - 00000458 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

2015-07-04 11:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe

2015-07-04 10:50 - 2015-07-04 11:06 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Lewis\Downloads\spybot-2-4.exe

2015-06-20 08:27 - 2015-06-20 08:27 - 00000574 _____ C:\windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job

2015-06-19 18:39 - 2015-06-19 18:39 - 00106521 _____ C:\Users\Lewis\Downloads\carljungdepthpsychology-wordpress-com-2015-06-19-22_38_09-gxtxrwiq4xt7baeujswmik1txwa1rjh4.zip

2015-06-19 09:17 - 2015-07-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart

2015-06-19 06:34 - 2015-06-21 16:57 - 00000000 ____D C:\Users\Lewis\.blurb

2015-06-19 06:34 - 2015-06-19 06:35 - 00000000 ____D C:\Users\Lewis\Documents\BookSmartData

2015-06-19 06:33 - 2015-06-19 09:17 - 00000000 ___DC C:\Program Files (x86)\BookSmart

2015-06-14 12:41 - 2015-06-14 12:41 - 00417064 _____ () C:\Users\Lewis\Downloads\DellSystemDetect.exe

2015-06-12 16:58 - 2015-07-07 07:03 - 00780878 _____ C:\windows\SysWOW64\PerfStringBackup.INI

2015-06-12 16:14 - 2015-06-12 16:14 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lewis\Downloads\rkill64.exe

2015-06-10 15:50 - 2015-06-10 15:50 - 00000194 _____ C:\Users\Lewis\Downloads\hosts-perm.bat

2015-06-10 05:05 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-06-10 05:05 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-06-10 05:05 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2015-06-10 05:05 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll

2015-06-10 05:05 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll

2015-06-10 05:05 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll

2015-06-10 05:05 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll

2015-06-10 05:05 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2015-06-10 05:05 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-06-10 05:05 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe

2015-06-10 05:05 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2015-06-10 05:05 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2015-06-10 05:05 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2015-06-10 05:05 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2015-06-10 05:05 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2015-06-10 05:05 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe

2015-06-10 05:05 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

2015-06-10 05:05 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2015-06-10 05:05 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2015-06-10 05:05 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2015-06-10 05:05 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll

2015-06-10 05:05 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2015-06-10 05:05 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll

2015-06-10 05:04 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-06-10 05:04 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2015-06-10 05:04 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll

2015-06-10 05:04 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2015-06-10 05:04 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2015-06-10 05:04 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-06-10 05:04 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-06-10 05:03 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-06-10 05:03 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2015-06-10 05:03 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-06-10 05:03 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2015-06-10 05:03 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2015-06-10 05:03 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2015-06-10 05:03 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2015-06-10 05:03 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2015-06-10 05:03 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2015-06-10 05:03 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec

2015-06-10 05:03 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2015-06-10 05:03 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2015-06-10 05:03 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2015-06-10 05:03 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2015-06-10 05:03 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2015-06-10 05:03 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2015-06-10 05:03 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2015-06-10 05:03 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2015-06-10 05:03 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2015-06-10 05:03 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-06-10 05:03 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2015-06-10 05:03 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2015-06-10 05:03 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2015-06-10 05:03 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2015-06-10 05:03 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2015-06-10 05:03 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2015-06-10 05:03 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2015-06-10 05:03 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2015-06-10 05:03 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2015-06-10 05:03 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2015-06-10 05:03 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2015-06-10 05:03 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-06-10 05:03 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-06-10 05:03 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-06-10 05:03 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-06-10 05:03 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-06-10 05:03 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec

2015-06-10 05:03 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-06-10 05:03 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-06-10 05:03 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-06-10 05:03 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-06-10 05:03 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-06-10 05:03 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-06-10 05:03 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2015-06-10 05:03 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-06-10 05:03 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-06-10 05:03 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-06-10 05:03 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-06-10 05:03 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-06-10 05:03 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-06-10 05:03 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-06-10 05:03 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-06-10 05:03 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-06-10 05:03 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-06-10 05:03 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-06-10 05:03 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-06-10 05:03 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-06-10 05:03 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-06-10 05:03 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-06-10 05:03 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-06-10 05:03 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-06-10 05:03 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll

2015-06-10 05:03 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll

2015-06-10 05:03 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys

2015-06-09 05:56 - 2015-06-09 05:56 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast

2015-06-09 05:55 - 2015-06-09 05:55 - 00931408 _____ (Google Inc.) C:\Users\Lewis\Downloads\chromecastinstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:09 - 2015-04-07 12:23 - 00000000 ___DC C:\FRST

2015-07-07 17:09 - 2013-10-04 05:48 - 00000000 ____D C:\Users\Lewis\Documents\Outlook Files

2015-07-07 16:59 - 2014-02-11 18:38 - 01563634 _____ C:\windows\WindowsUpdate.log

2015-07-07 16:55 - 2015-01-16 14:37 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000UA.job

2015-07-07 16:34 - 2014-03-11 17:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-07 15:42 - 2012-03-08 18:52 - 00000000 ____D C:\Users\Lewis\Documents\OneNote Notebooks

2015-07-07 14:58 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-07 14:58 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-07 14:53 - 2015-05-26 06:30 - 00780814 _____ C:\windows\system32\PerfStringBackup.INI

2015-07-07 14:50 - 2015-02-17 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-07-07 14:48 - 2014-03-11 17:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-07 14:48 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2015-07-07 12:33 - 2014-10-05 04:11 - 00000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-07-07 10:35 - 2014-03-08 19:29 - 00000000 ___RD C:\Users\Lewis\Google Drive

2015-07-07 09:55 - 2015-01-16 14:37 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422163307-3788927115-2030255185-1000Core.job

2015-07-07 09:48 - 2014-07-08 10:34 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys

2015-07-07 09:47 - 2014-12-17 08:02 - 00000000 ___DC C:\AdwCleaner

2015-07-07 07:15 - 2012-03-02 16:57 - 00109296 _____ C:\Users\Lewis\AppData\Local\GDIPFONTCACHEV1.DAT

2015-07-07 07:12 - 2009-07-14 00:45 - 00412120 _____ C:\windows\system32\FNTCACHE.DAT

2015-07-07 07:09 - 2009-07-13 22:34 - 00000546 _____ C:\windows\win.ini

2015-07-07 06:09 - 2015-06-06 05:47 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-07-07 06:06 - 2009-07-13 22:34 - 00450653 _____ C:\windows\system32\Drivers\etc\hosts_bak_50

2015-07-07 06:02 - 2015-06-06 05:47 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy

2015-07-07 05:44 - 2009-07-13 22:34 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts.20150707-060600.backup

2015-07-06 23:58 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150707-045707.backup

2015-07-06 23:41 - 2013-08-24 10:05 - 01042259 _____ C:\Users\Lewis\AppData\Local\census.cache

2015-07-06 23:41 - 2013-08-24 10:04 - 00068817 _____ C:\Users\Lewis\AppData\Local\ars.cache

2015-07-06 23:35 - 2014-11-13 08:32 - 00000010 _____ C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache

2015-07-06 23:12 - 2014-12-03 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT

2015-07-06 17:17 - 2012-01-05 01:22 - 00000000 ____D C:\ProgramData\Temp

2015-07-06 16:23 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apps\2.0

2015-07-06 15:28 - 2015-03-26 19:10 - 00000000 ___DC C:\Qoobox

2015-07-06 15:24 - 2009-07-13 22:34 - 00000215 ____C C:\windows\system.ini

2015-07-06 14:22 - 2012-03-02 16:56 - 00000000 ____D C:\Users\Lewis

2015-07-06 14:22 - 2009-07-14 01:08 - 00032592 _____ C:\windows\Tasks\SCHEDLGU.TXT

2015-07-06 14:21 - 2015-04-04 07:58 - 00000000 ___SD C:\windows\system32\GWX

2015-07-06 14:21 - 2015-03-28 06:48 - 00000000 ___DC C:\VIPRERESCUE

2015-07-06 14:21 - 2014-11-16 11:54 - 00000000 ____D C:\windows\SysWOW64\vbox

2015-07-06 14:21 - 2014-11-16 11:54 - 00000000 ____D C:\windows\system32\vbox

2015-07-06 14:21 - 2014-01-15 13:42 - 00000000 ___DC C:\ProgramData\Licenses

2015-07-06 14:21 - 2014-01-14 08:54 - 00000000 ____D C:\windows\erdnt

2015-07-06 14:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF

2015-07-06 14:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration

2015-07-06 14:19 - 2014-12-22 06:46 - 00000000 ___DC C:\RegBackup

2015-07-05 14:47 - 2015-03-29 15:59 - 00000000 ___DC C:\ProgramData\RogueKiller

2015-07-05 14:47 - 2015-03-13 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2015-07-05 14:47 - 2015-02-17 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-07-05 14:47 - 2014-12-22 06:02 - 00000000 ____D C:\Users\Lewis\Downloads\tweaking.com_windows_repair_aio

2015-07-05 14:47 - 2014-03-11 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-07-05 14:47 - 2012-12-08 18:12 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell

2015-07-05 13:04 - 2015-01-18 19:28 - 00000000 ___DC C:\ProgramData\Malwarebytes Anti-Exploit

2015-07-05 06:34 - 2014-12-25 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2015-07-05 06:34 - 2014-01-10 02:43 - 00000000 ___DC C:\ProgramData\InstallMate

2015-07-04 16:01 - 2014-11-16 08:35 - 00000000 ___DC C:\ProgramData\AVAST Software

2015-07-04 15:59 - 2013-12-05 06:47 - 00002201 _____ C:\windows\epplauncher.mif

2015-07-04 12:20 - 2009-07-13 22:34 - 00450775 ____R C:\windows\system32\Drivers\etc\hosts.20150704-122500.backup

2015-07-04 12:04 - 2014-01-28 18:50 - 00000000 ___DC C:\Program Files (x86)\SpywareBlaster

2015-07-04 11:08 - 2009-07-13 22:34 - 00450653 ____R C:\windows\system32\Drivers\etc\hosts.20150704-121944.backup

2015-07-04 08:51 - 2014-12-23 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

2015-07-04 08:46 - 2015-02-17 17:25 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-07-04 08:46 - 2012-03-11 16:47 - 00000000 ____D C:\windows\pss

2015-07-04 08:43 - 2013-06-23 17:50 - 00000000 ___DC C:\Program Files (x86)\QuickTime

2015-07-04 08:42 - 2012-03-02 17:48 - 00000000 __RDC C:\MSOCache

2015-06-28 02:33 - 2013-05-22 14:51 - 00000000 ____D C:\Users\Lewis\AppData\Local\Apple Computer

2015-06-23 13:30 - 2010-11-20 23:27 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2015-06-22 15:29 - 2013-12-27 13:59 - 00000000 ____D C:\Users\Lewis\Documents\Retirement

2015-06-20 06:09 - 2009-07-13 22:34 - 00000855 _____ C:\windows\system32\Drivers\etc\hosts_bak_688

2015-06-17 12:28 - 2009-07-13 22:34 - 00000768 _____ C:\windows\system32\Drivers\etc\hosts_bak_54

2015-06-14 12:41 - 2012-03-02 17:31 - 00000000 ____D C:\Users\Lewis\AppData\Local\Deployment

2015-06-12 16:22 - 2009-07-13 22:34 - 00000747 _____ C:\windows\system32\Drivers\etc\hosts_bak_258

2015-06-11 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache

2015-06-10 05:50 - 2014-12-10 05:52 - 00000000 ____D C:\windows\system32\appraiser

2015-06-10 05:50 - 2014-05-06 05:36 - 00000000 ___SD C:\windows\system32\CompatTel

2015-06-10 05:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions

2015-06-10 05:36 - 2012-03-02 17:48 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-06-10 05:31 - 2013-08-13 19:55 - 00000000 ____D C:\windows\system32\MRT

==================== Files in the root of some directories =======

2013-01-09 17:19 - 2013-01-09 17:19 - 0038446 _____ () C:\Users\Lewis\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-08-24 10:04 - 2015-07-06 23:41 - 0068817 _____ () C:\Users\Lewis\AppData\Local\ars.cache

2013-08-24 10:05 - 2015-07-06 23:41 - 1042259 _____ () C:\Users\Lewis\AppData\Local\census.cache

2015-04-07 19:14 - 2015-04-07 19:14 - 0003584 _____ () C:\Users\Lewis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-08-24 09:43 - 2013-08-24 09:43 - 0000036 _____ () C:\Users\Lewis\AppData\Local\housecall.guid.cache

2012-03-16 11:53 - 2012-03-16 11:53 - 0000017 _____ () C:\Users\Lewis\AppData\Local\resmon.resmoncfg

2014-11-13 08:32 - 2015-07-06 23:35 - 0000010 _____ () C:\Users\Lewis\AppData\Local\sponge.last.runtime.cache

2012-03-03 18:02 - 2015-06-06 06:00 - 1809566 ____C () C:\ProgramData\dlea.log

2012-03-03 17:25 - 2015-03-01 10:57 - 0037480 ____C () C:\ProgramData\dleaJSW.log

2012-03-03 16:49 - 2015-06-06 06:01 - 5868101 ____C () C:\ProgramData\dleascan.log

2015-07-07 14:48 - 2015-07-07 14:48 - 0000526 ____C () C:\ProgramData\SMRResults501.dat

Files to move or delete:

====================

C:\ProgramData\SMRResults501.dat

Some files in TEMP:

====================

C:\Users\Lewis\AppData\Local\Temp\dllnt_dump.dll

Some zero byte size files/folders:

==========================

C:\Windows\SysWOW64\CISVC.EXE

C:\Windows\SysWOW64\conhost.exe

C:\Windows\SysWOW64\csrss.exe

C:\Windows\SysWOW64\dwm.exe

C:\Windows\SysWOW64\lsass.exe

C:\Windows\SysWOW64\lsm.exe

C:\Windows\SysWOW64\services.exe

C:\Windows\SysWOW64\smss.exe

C:\Windows\SysWOW64\spoolsv.exe

C:\Windows\SysWOW64\taskhost.exe

C:\Windows\SysWOW64\winlogon.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-04 19:54

==================== End of log ============================

kevinf80 · July 7, 2015

Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Post those logs, also give an update on any remaining issues or concerns...

Thanks,

Kevin..

Purrington · July 8, 2015

Kevin:

Before I proceed could you tell me what, if anything, I should do differently if after running the FRST fix and rebooting I again lose my internet connection?

Should I do a System Restore again and if so should I still run the JRT and Malicious Software Removal Tool?

Thank you

kevinf80 · July 8, 2015

I`m not expectiong the internet connection to be lost, I have left out the group policy entries which are known to be related to cryptoprevent and not malware/infection. I`ve also left out the suspicious winsock entries as they are inert and of no concern....

If the unexpected does happen, yes please use SR and yes still run JRT....

Cheers,

Kevin...

Purrington · July 8, 2015

Kevin:

I am sorry but when you write "Download attached fixlist.txt file (end of reply)" I do not see "fixlist.txt" at the end of your reply yesterday at 6:13 p.m.

Could you kindly reattach it on your next reply?

Thank you.

kevinf80 · July 8, 2015

mmm, not sure where that went. Is attached now...

Fixlist.txt

Purrington · July 8, 2015

Kevin:

1. After running the FRST "Fix" and rebooting my connection to the internet was once again lost.

2. I have attempted System Restore twice and each time System Restore has failed. Should I continue to attempt System Restore?

Below find the Fixlog.txt.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015

Ran by Lewis at 2015-07-08 08:54:55 Run:3

Running from C:\Users\Lewis\Desktop

Loaded Profiles: Lewis (Available Profiles: Lewis)

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start