
Non-stop pop up ads while web browsing...(Waiting for ib.adnxs.com message)?


  • This topic is locked
3 replies to this topic

#1 flyjetz


Posted 31 January 2015 - 02:31 PM

I normally use McAfee on this computer. We let the software subscription expire for about two weeks, and have now renewed it. But in the interim, something bad has happened to the computer, and now whenever I browse (use Chrome 99.9% of the time), I get unending popup ads. Closing the ads just calls up more and more popups. There is a message at the lower left corner of the browser that constantly says "Waiting for ib.adnxs.com", and the browser tab at the top has a spinning blue wheel.

 

Here is the .txt file:  (the other file is attached)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by The Callows (administrator) on CALLOW-2 on 31-01-2015 13:21:08
Running from C:\Users\Matthew\Desktop
Loaded Profiles: The Callows (Available profiles: The Callows)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.82.106.0\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.82.106.0\OverwolfHelper64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015408 2013-03-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643576 2014-11-13] (McAfee, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [40688 2015-01-15] (Overwolf LTD)
HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1465318420-4167670215-1546845147-1001 -> {BED399A3-B69D-4CE2-BD15-F0686D3B1611} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-01-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-29]
FF HKU\S-1-5-21-1465318420-4167670215-1546845147-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\KingTranslate\WCaptureMoz
FF Extension: WordCaptureX - C:\Program Files (x86)\KingTranslate\WCaptureMoz [2014-05-20]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-30]
CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-30]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Google Sheets) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-30]
CHR Extension: (SiteAdvisor) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-30]
CHR Extension: (IBA Optout ) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-01-26]
CHR Extension: (WordCaptureX) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2014-05-20]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-05]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\KingTranslate\wcxChrome.crx [2013-02-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-01-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [660544 2014-12-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [604448 2014-12-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [228000 2014-12-19] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [312952 2014-12-20] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [221320 2014-12-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [336088 2014-11-13] (McAfee, Inc.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-18] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-09] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70984 2014-12-19] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-06-01] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [368904 2014-12-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [340192 2014-12-19] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [100080 2014-12-19] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82584 2014-12-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [532424 2014-12-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [886488 2014-12-19] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [482600 2014-11-08] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [100720 2014-11-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [349328 2014-12-19] (McAfee, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-03-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-05] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 13:21 - 2015-01-31 13:21 - 00024701 _____ () C:\Users\Matthew\Desktop\FRST.txt
2015-01-31 13:21 - 2015-01-31 13:21 - 00000000 ____D () C:\FRST
2015-01-31 13:20 - 2015-01-31 13:20 - 02130944 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
2015-01-30 23:07 - 2015-01-30 23:07 - 00001115 _____ () C:\Users\Matthew\Desktop\JRT.txt
2015-01-30 23:04 - 2015-01-30 23:04 - 01707939 _____ (Thisisu) C:\Users\Matthew\Downloads\JRT.exe
2015-01-30 23:04 - 2015-01-30 23:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-30 22:50 - 2015-01-30 22:55 - 00000000 ____D () C:\AdwCleaner
2015-01-30 22:50 - 2015-01-30 22:50 - 02194432 _____ () C:\Users\Matthew\Downloads\AdwCleaner.exe
2015-01-30 15:43 - 2015-01-30 15:43 - 00021976 _____ () C:\WINDOWS\system32\Drivers\SPPD.sys
2015-01-29 23:44 - 2013-08-22 07:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150129-234412.backup
2015-01-29 22:53 - 2015-01-29 23:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-29 22:53 - 2015-01-29 22:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-29 22:53 - 2015-01-29 22:53 - 00001409 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-29 22:53 - 2015-01-29 22:53 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-29 22:53 - 2015-01-29 22:53 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-01-29 22:53 - 2015-01-29 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-29 22:53 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-01-29 22:51 - 2015-01-29 22:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Matthew\Downloads\spybot-2.4.exe
2015-01-29 22:47 - 2015-01-29 22:47 - 00001938 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2015-01-29 22:47 - 2015-01-29 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-29 22:47 - 2015-01-29 22:47 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2015-01-29 22:47 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-01-29 22:46 - 2015-01-29 22:47 - 00000000 ____D () C:\Program Files\McAfee
2015-01-29 22:46 - 2015-01-29 22:46 - 00000000 ____D () C:\Program Files\McAfee.com
2015-01-29 22:46 - 2014-12-31 05:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-29 22:45 - 2015-01-30 15:44 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-29 22:40 - 2015-01-29 22:47 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-01-29 22:40 - 2014-12-19 10:51 - 00221320 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2015-01-29 22:39 - 2015-01-29 22:39 - 07359688 _____ (McAfee, Inc.) C:\Users\Matthew\Downloads\Setup_serial_BBXYAAqh15u_Dht3J0AmnQ2_key.exe
2015-01-29 20:26 - 2015-01-29 20:26 - 22377402 _____ () C:\Users\Matthew\Downloads\The Lost Treasure of King Anubus.zip
2015-01-29 20:25 - 2015-01-29 20:25 - 00969819 _____ () C:\Users\Matthew\Downloads\34 Days Without Cake.zip
2015-01-29 17:46 - 2015-01-29 17:46 - 00011850 _____ () C:\Users\Matthew\Downloads\Updated application fee and waiver 2015 (2).xlsx
2015-01-28 17:19 - 2015-01-28 17:19 - 13012992 _____ () C:\Users\Matthew\Downloads\Parkour.bin
2015-01-28 17:19 - 2015-01-28 17:19 - 13012992 _____ () C:\Users\Matthew\Documents\Parkour.bin
2015-01-28 17:17 - 2015-01-28 17:17 - 11440128 _____ () C:\Users\Matthew\Documents\HarryPotterAdventurePart1and2.bin
2015-01-28 17:16 - 2015-01-28 17:17 - 11440128 _____ () C:\Users\Matthew\Downloads\HarryPotterAdventurePart1and2.bin
2015-01-28 16:20 - 2015-01-28 16:19 - 01753088 _____ () C:\Users\Matthew\Documents\Candy Parkour.bin
2015-01-28 16:19 - 2015-01-28 16:19 - 01753088 _____ () C:\Users\Matthew\Downloads\Candy Parkour.bin
2015-01-28 16:18 - 2015-01-28 16:18 - 02031616 _____ () C:\Users\Matthew\Downloads\Save20140916074026.bin
2015-01-28 16:18 - 2015-01-28 16:18 - 02031616 _____ () C:\Users\Matthew\Documents\Save20140916074026.bin
2015-01-27 20:29 - 2015-01-27 20:29 - 05865943 _____ () C:\Users\Matthew\Downloads\Parkour In Every Color.zip
2015-01-27 16:47 - 2015-01-27 16:47 - 05767168 _____ () C:\Users\Matthew\Downloads\Minecraft Xbox Walking Dead save (4).bin
2015-01-27 16:47 - 2015-01-27 16:47 - 05767168 _____ () C:\Users\Matthew\Documents\Minecraft Xbox Walking Dead save (4).bin
2015-01-27 16:46 - 2015-01-27 16:46 - 01183744 _____ () C:\Users\Matthew\Downloads\Asylum Horror Map.bin
2015-01-27 16:46 - 2015-01-27 16:46 - 01183744 _____ () C:\Users\Matthew\Documents\Asylum Horror Map.bin
2015-01-27 16:38 - 2015-01-27 16:38 - 04476928 _____ () C:\Users\Matthew\Downloads\The Lost Island 2 (HURevolution4lx) (1)
2015-01-27 16:38 - 2015-01-27 16:38 - 04476928 _____ () C:\Users\Matthew\Documents\The Lost Island 2 (HURevolution4lx) (1)
2015-01-27 16:37 - 2015-01-27 16:37 - 03801976 _____ (http://smile-files.com) C:\Users\Matthew\Downloads\Time_Lost_Minecraft_Adventure_Map_downloader.exe
2015-01-27 16:34 - 2015-01-27 16:34 - 03440640 _____ () C:\Users\Matthew\Downloads\Tave20131120193651.bin
2015-01-27 16:34 - 2015-01-27 16:34 - 03440640 _____ () C:\Users\Matthew\Downloads\Tave20131120193651 (1).bin
2015-01-27 16:34 - 2015-01-27 16:34 - 03440640 _____ () C:\Users\Matthew\Downloads\Tave20131120193651 (1) (2).bin
2015-01-27 16:34 - 2015-01-27 16:34 - 03440640 _____ () C:\Users\Matthew\Downloads\Tave20131120193651 (1) (1).bin
2015-01-27 16:34 - 2015-01-27 16:34 - 03440640 _____ () C:\Users\Matthew\Documents\Tave20131120193651 (1).bin
2015-01-27 16:29 - 2015-01-27 16:29 - 02965504 _____ () C:\Users\Matthew\Downloads\Save20140730235006.bin
2015-01-27 16:29 - 2015-01-27 16:29 - 02965504 _____ () C:\Users\Matthew\Downloads\Save20140730235006 (1).bin
2015-01-27 16:26 - 2015-01-27 16:26 - 05767168 _____ () C:\Users\Matthew\Downloads\Minecraft Xbox Walking Dead save (3).bin
2015-01-27 16:26 - 2015-01-27 16:26 - 05767168 _____ () C:\Users\Matthew\Downloads\Minecraft Xbox Walking Dead save (3) (1).bin
2015-01-27 16:23 - 2015-01-27 16:23 - 05767168 _____ () C:\Users\Matthew\Downloads\Minecraft Xbox Walking Dead save (2) (1) (2).bin
2015-01-27 16:23 - 2015-01-27 16:23 - 05767168 _____ () C:\Users\Matthew\Downloads\Minecraft Xbox Walking Dead save (2) (1) (1).bin
2015-01-27 16:23 - 2015-01-27 16:23 - 05136384 _____ () C:\Users\Matthew\Downloads\THE MODDED WALKING DEAD.bin
2015-01-27 16:23 - 2015-01-27 16:23 - 05136384 _____ () C:\Users\Matthew\Downloads\THE MODDED WALKING DEAD (1).bin
2015-01-27 16:22 - 2015-01-27 16:22 - 05767168 _____ () C:\Users\Matthew\Downloads\Minecraft Xbox Walking Dead save (2).bin
2015-01-27 16:22 - 2015-01-27 16:22 - 05767168 _____ () C:\Users\Matthew\Downloads\Minecraft Xbox Walking Dead save (2) (1).bin
2015-01-27 16:20 - 2015-01-27 16:20 - 04476928 _____ () C:\Users\Matthew\Downloads\The Lost Island 2 (HURevolution4lx)
2015-01-26 20:15 - 2015-01-26 20:17 - 65920956 _____ () C:\Users\Matthew\Downloads\Minecraft Lost (1).zip
2015-01-26 20:14 - 2015-01-30 15:50 - 00000000 ____D () C:\ProgramData\{f1a36578-dff4-612f-f1a3-36578dff95e3}
2015-01-26 20:12 - 2015-01-30 00:03 - 00000000 ____D () C:\Users\Matthew\AppData\Local\avaxvyvax
2015-01-26 20:12 - 2015-01-26 20:12 - 00003490 _____ () C:\WINDOWS\System32\Tasks\avaxvyvax
2015-01-26 20:12 - 2015-01-26 20:12 - 00000000 ____D () C:\ProgramData\dpnehadgfdnolkgbimflnoplagejpjkm
2015-01-26 20:11 - 2015-01-30 19:50 - 00000000 ____D () C:\ProgramData\{69c1dfc5-117c-1d5d-69c1-1dfc51177f14}
2015-01-26 20:10 - 2015-01-26 20:10 - 00000000 ____D () C:\Program Files (x86)\IBA Optout
2015-01-26 20:09 - 2015-01-30 19:50 - 00000000 ____D () C:\ProgramData\{0883b50b-e9bf-afbf-0883-3b50be9bd42f}
2015-01-26 19:58 - 2015-01-26 19:59 - 65920956 _____ () C:\Users\Matthew\Downloads\Minecraft Lost.zip
2015-01-26 19:57 - 2015-01-26 19:57 - 00001349 _____ () C:\Users\Matthew\Desktop\Five Nights at Freddys 2 - Vanilla Minecraft Horror Map V1.3.zip - Shortcut.lnk
2015-01-26 19:44 - 2015-01-26 19:44 - 08298879 _____ () C:\Users\Matthew\Downloads\Five Nights at Freddys 2 - Vanilla Minecraft Horror Map V1.3.zip
2015-01-26 19:43 - 2015-01-26 19:43 - 01021714 _____ () C:\Users\Matthew\Downloads\The Slime King - Parkour Map [1.8](Update 1).zip
2015-01-26 19:42 - 2015-01-26 19:42 - 15784930 _____ () C:\Users\Matthew\Downloads\Archaica_ The Foretold Prophecy 1.4.zip
2015-01-22 15:21 - 2015-01-22 15:21 - 00000118 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-01-22 15:17 - 2015-01-22 15:17 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-01-20 19:07 - 2015-01-20 19:07 - 00011850 _____ () C:\Users\Matthew\Downloads\Updated application fee and waiver 2015.xlsx
2015-01-20 19:07 - 2015-01-20 19:07 - 00011850 _____ () C:\Users\Matthew\Downloads\Updated application fee and waiver 2015 (1).xlsx
2015-01-20 07:34 - 2015-01-20 07:34 - 04506104 _____ () C:\Users\Matthew\Downloads\faithful32pack.zip
2015-01-19 05:08 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-01-19 05:08 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-01-19 05:08 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-01-19 05:08 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-01-19 05:08 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-01-19 05:06 - 2014-12-03 17:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-01-19 05:06 - 2014-12-03 17:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-01-19 05:06 - 2014-12-02 17:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-01-19 05:06 - 2014-12-02 17:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-01-19 05:06 - 2014-12-02 17:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-01-19 05:06 - 2014-12-02 17:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-01-19 05:06 - 2014-12-02 17:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-01-19 05:05 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-01-19 05:05 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-01-19 05:05 - 2014-04-30 00:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-01-19 05:05 - 2014-04-30 00:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2015-01-19 05:04 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-01-19 05:04 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-01-19 05:04 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-01-19 05:04 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-01-19 05:03 - 2014-07-23 21:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-01-19 05:03 - 2014-07-23 21:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-01-17 11:47 - 2015-01-17 11:47 - 00000000 __SHD () C:\Recovery
2015-01-17 11:46 - 2015-01-18 00:00 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-17 11:45 - 2015-01-17 11:45 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-01-17 11:45 - 2015-01-17 11:45 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-01-17 11:45 - 2015-01-17 11:45 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-01-17 11:45 - 2015-01-17 11:45 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-01-17 11:45 - 2015-01-17 11:45 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-01-17 11:45 - 2015-01-17 11:45 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-01-17 11:45 - 2015-01-17 11:45 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-17 11:45 - 2015-01-17 11:45 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-17 11:44 - 2015-01-17 11:44 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-01-17 11:44 - 2015-01-17 11:44 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-01-17 11:44 - 2015-01-17 11:44 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-17 11:44 - 2015-01-17 11:44 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-01-17 11:44 - 2015-01-17 11:44 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-01-17 11:43 - 2015-01-17 11:43 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-01-17 11:43 - 2015-01-17 11:43 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-01-17 11:43 - 2015-01-17 11:43 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-17 11:43 - 2015-01-17 11:43 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-01-17 11:43 - 2015-01-17 11:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-17 11:37 - 2015-01-17 11:37 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-01-17 11:37 - 2015-01-17 11:37 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-17 11:37 - 2015-01-17 11:37 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-17 11:37 - 2015-01-17 11:37 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-17 11:36 - 2013-08-02 22:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-01-17 11:36 - 2013-08-02 22:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-17 11:36 - 2013-08-02 22:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-01-17 11:36 - 2013-08-02 22:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-17 11:28 - 2015-01-17 11:28 - 00001448 _____ () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-17 11:28 - 2015-01-17 11:28 - 00000425 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-01-17 11:28 - 2015-01-17 11:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-01-17 11:27 - 2015-01-17 11:27 - 00000020 ___SH () C:\Users\Matthew\ntuser.ini
2015-01-17 10:19 - 2015-01-31 12:38 - 01935369 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-17 10:19 - 2015-01-17 10:19 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-01-17 10:05 - 2015-01-17 10:05 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-17 10:01 - 2015-01-17 10:01 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-01-17 09:59 - 2015-01-17 11:27 - 00000000 ____D () C:\Users\Matthew
2015-01-17 09:59 - 2015-01-17 10:19 - 00022863 _____ () C:\WINDOWS\diagwrn.xml
2015-01-17 09:59 - 2015-01-17 10:19 - 00022863 _____ () C:\WINDOWS\diagerr.xml
2015-01-17 09:59 - 2015-01-17 10:01 - 00000000 ___RD () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-17 09:59 - 2015-01-17 10:01 - 00000000 ___RD () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-17 09:59 - 2014-11-21 09:57 - 00000000 ___RD () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-17 09:59 - 2014-11-21 02:52 - 00000369 _____ () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-17 09:59 - 2014-11-21 02:52 - 00000369 _____ () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-17 09:59 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-17 09:52 - 2015-01-17 09:52 - 00849522 _____ () C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2015-01-17 09:52 - 2015-01-17 09:52 - 00188557 _____ () C:\WINDOWS\system32\Drivers\rtwaves40.dat
2015-01-17 09:52 - 2015-01-17 09:52 - 00017972 _____ () C:\WINDOWS\system32\Drivers\rtwavesvpcap.dat
2015-01-17 09:52 - 2015-01-17 09:52 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2015-01-17 09:51 - 2015-01-17 10:03 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-17 09:51 - 2015-01-17 09:51 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____D () C:\Program Files\Realtek
2015-01-17 09:50 - 2015-01-17 10:03 - 00000000 ____D () C:\Program Files\Intel
2015-01-17 09:50 - 2014-10-03 17:37 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-01-17 09:50 - 2014-10-03 17:37 - 00074240 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-01-16 01:58 - 2015-01-17 10:19 - 00008207 _____ () C:\WINDOWS\comsetup.log
2015-01-15 07:16 - 2015-01-22 15:19 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-01-13 19:00 - 2014-10-21 21:34 - 00010777 ____N () C:\WINDOWS\system32\AutoconfigV2.cab
2015-01-12 15:22 - 2015-01-12 15:22 - 01474560 _____ () C:\Users\Matthew\Downloads\Tave20140905142004.bin
2015-01-12 15:22 - 2015-01-12 15:22 - 01474560 _____ () C:\Users\Matthew\Downloads\Tave20140905142004 (1).bin
2015-01-11 19:54 - 2015-01-11 19:54 - 08297745 _____ () C:\Users\Matthew\Downloads\minecraft_server.1.8.1 (1).exe
2015-01-11 19:51 - 2015-01-11 19:51 - 08297745 _____ () C:\Users\Matthew\Downloads\minecraft_server.1.8.1.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 13:05 - 2013-12-03 20:17 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 13:02 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-31 13:00 - 2013-10-29 07:01 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-31 12:59 - 2013-12-03 20:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1465318420-4167670215-1546845147-1001
2015-01-31 12:54 - 2014-12-24 14:10 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Overwolf
2015-01-31 12:53 - 2013-12-03 20:17 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 12:52 - 2013-08-22 08:46 - 00289283 _____ () C:\WINDOWS\setupact.log
2015-01-31 12:52 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 12:52 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-30 22:57 - 2014-11-21 02:34 - 00078348 _____ () C:\WINDOWS\PFRO.log
2015-01-30 22:57 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\Matthew\AppData\Local\AVG SafeGuard toolbar
2015-01-30 17:26 - 2014-07-27 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 11:22 - 2013-10-29 07:06 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-29 23:46 - 2014-07-27 14:25 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-29 23:46 - 2014-07-27 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 23:46 - 2014-07-27 14:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 22:48 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-29 22:47 - 2012-07-26 02:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-29 22:31 - 2012-07-25 23:37 - 00000000 ____D () C:\Users\Default.migrated
2015-01-29 21:01 - 2014-08-23 20:31 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\.minecraft
2015-01-28 14:11 - 2014-12-24 14:11 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-27 16:20 - 2014-11-21 02:44 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-27 15:27 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-24 14:20 - 2014-11-21 10:03 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 14:20 - 2014-11-21 10:03 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 22:11 - 2014-12-02 16:33 - 00000000 ____D () C:\Users\Matthew\Desktop\Chase's Games
2015-01-23 22:11 - 2014-10-04 14:28 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\.technic
2015-01-22 16:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-22 15:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-22 15:17 - 2014-11-21 09:56 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-01-22 15:17 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-22 15:17 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-22 15:17 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-01-22 15:17 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-01-22 15:17 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-22 15:17 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-19 08:46 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-19 08:44 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-01-19 04:34 - 2013-12-03 20:11 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Packages
2015-01-17 16:03 - 2013-12-17 15:25 - 00370176 ___SH () C:\Users\Matthew\Desktop\Thumbs.db
2015-01-17 11:45 - 2013-08-22 09:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-01-17 11:45 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-01-17 11:44 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-17 11:28 - 2013-10-29 06:47 - 00000000 ____D () C:\Intel
2015-01-17 10:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-17 10:17 - 2013-08-22 09:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-17 10:17 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-17 10:15 - 2013-10-29 06:49 - 00880342 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-01-17 10:07 - 2013-08-22 08:44 - 00492000 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-17 10:06 - 2014-12-26 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-01-17 10:06 - 2014-12-24 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-01-17 10:06 - 2014-12-01 21:10 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveNights2_Install
2015-01-17 10:06 - 2014-11-05 20:38 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Five Nights at Freddy's
2015-01-17 10:06 - 2014-05-20 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingTranslate
2015-01-17 10:06 - 2014-02-15 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-01-17 10:06 - 2013-12-05 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-17 10:06 - 2013-12-05 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wyse
2015-01-17 10:06 - 2013-12-04 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-17 10:06 - 2013-12-03 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-17 10:06 - 2013-12-03 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX860 series
2015-01-17 10:06 - 2013-10-29 07:05 - 00000000 ____D () C:\WINDOWS\en
2015-01-17 10:06 - 2013-10-29 06:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2015-01-17 10:06 - 2013-10-29 06:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-17 10:06 - 2013-10-29 06:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-17 10:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-01-17 10:05 - 2014-11-21 02:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-01-17 10:05 - 2014-11-21 02:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-01-17 10:05 - 2014-11-21 02:00 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-01-17 10:05 - 2013-08-22 09:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-01-17 10:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-01-17 10:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-01-17 10:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-01-17 10:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-01-17 10:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-17 10:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-01-17 10:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-01-17 10:05 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-01-17 10:05 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-01-17 10:03 - 2014-12-13 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrolls
2015-01-17 10:03 - 2014-02-12 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2015-01-17 10:03 - 2013-12-03 20:16 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-01-17 10:03 - 2013-12-03 20:11 - 00000000 ____D () C:\ProgramData\PRICache
2015-01-17 10:03 - 2013-10-29 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
2015-01-17 10:03 - 2013-10-29 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
2015-01-17 10:03 - 2013-10-29 06:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2015-01-17 10:03 - 2013-08-22 09:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-01-17 10:03 - 2013-08-22 09:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-01-17 10:03 - 2013-08-22 09:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-01-17 10:03 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Help
2015-01-17 10:01 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-01-17 10:01 - 2014-09-13 02:39 - 00000000 ___RD () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-17 10:01 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-01-17 09:52 - 2013-08-22 08:46 - 00000084 _____ () C:\WINDOWS\setuperr.log
2015-01-17 09:48 - 2013-08-22 07:36 - 00000000 __RHD () C:\Users\Default
2015-01-17 09:30 - 2013-10-29 06:32 - 01283612 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-01-17 03:07 - 2013-12-04 20:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-17 03:00 - 2013-12-04 20:14 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-09 06:58 - 2013-12-03 20:40 - 01664512 ___SH () C:\Users\Matthew\Downloads\Thumbs.db
2015-01-04 08:33 - 2014-02-15 19:45 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Open Download Manager
 
==================== Files in the root of some directories =======
 
2013-10-29 07:01 - 2013-10-29 07:01 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-29 06:56 - 2013-10-29 06:58 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-29 06:58 - 2013-10-29 06:59 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-29 06:56 - 2013-10-29 06:56 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-29 06:59 - 2013-10-29 07:00 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-31 05:16
 
==================== End Of Log ============================


#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:01:25 PM

Posted 31 January 2015 - 03:44 PM

Hi. I'm checking your log now and will reply with instructions soon.

#3 Rootk


Posted 31 January 2015 - 05:41 PM

Follow these steps:

1.- Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it to your Desktop as fixlist.txt
 
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1465318420-4167670215-1546845147-1001 -> {BED399A3-B69D-4CE2-BD15-F0686D3B1611} URL = 
2015-01-26 20:12 - 2015-01-30 00:03 - 00000000 ____D () C:\Users\Matthew\AppData\Local\avaxvyvax
2015-01-26 20:12 - 2015-01-26 20:12 - 00003490 _____ () C:\WINDOWS\System32\Tasks\avaxvyvax
2015-01-26 20:12 - 2015-01-26 20:12 - 00000000 ____D () C:\ProgramData\dpnehadgfdnolkgbimflnoplagejpjkm
2015-01-26 20:11 - 2015-01-30 19:50 - 00000000 ____D () C:\ProgramData\{69c1dfc5-117c-1d5d-69c1-1dfc51177f14}
Task: {2AE6B21C-F3DD-4BE1-91CA-36693035BF8B} - System32\Tasks\avaxvyvax => C:\Users\Matthew\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {E8A9AD20-5550-4747-922A-50EC01286750} - System32\Tasks\{6FEA54C4-68A2-4992-83E3-2A7811D149DB} => pcalua.exe -a "C:\Program Files (x86)\The weDownload Manager\Uninstall.exe" -c /fromcontrolpanel=1
C:\Program Files (x86)\The weDownload Manager
Task: {F21F3A27-5FF9-4428-865E-04C1851F9F3B} - System32\Tasks\{ED335C7F-DEA4-434F-878F-97C81F77B623} => pcalua.exe -a C:\Users\Matthew\AppData\Local\WebPlayer\uninstall.exe -c _?=C:\Users\Matthew\AppData\Local\WebPlayer\FLV Player
C:\Users\Matthew\AppData\Local\WebPlayer\
EmptyTemp:
CMD: DIR C:\ProgramData\{f1a36578-dff4-612f-f1a3-36578dff95e3} /s
CMD: DIR C:\ProgramData\{0883b50b-e9bf-afbf-0883-3b50be9bd42f} /s

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Download AdwCleaner by Xplode onto your Desktop.
  • Double-click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, this time click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the most recent report).
3.- Download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.


#4 Rootk


Posted 06 April 2015 - 07:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



