
Tried everything, unable to remove Malware


9 replies to this topic

#1 D-My

D-My

  • Members
  • 6 posts

Posted 06 November 2015 - 01:14 PM

A while ago I tried to pirate a program from Pirate Bay. Only time I've ever used it, and I am still receiving adware from it. I am stuck with the "Protectio.search.com" virus. I have been searching endlessly for a solution. I have tried 3 different adware removers, deleted it through my registry, Chrome, Task Manager, Task Scheduler, and it STILL shows up. And when it doesn't show up I get redirected to Pirate Bay whenever I search something. I badly need to get rid of this virus and need help!!!





#2 shelf life

shelf life

  • Malware Response Team
  • 2,657 posts
  • Gender:Male
  • Location:@localhost

Posted 07 November 2015 - 10:01 AM

Hi,

Need to see a FRST log as a starting point. You can download and post a FRST log by reading step 6 at the link below, then we will go from there:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


How Can I Reduce My Risk to Malware?


#3 D-My

D-My
  • Topic Starter

  • Members
  • 6 posts

Posted 07 November 2015 - 02:53 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by dylan (administrator) on DYLANS-PC (07-11-2015 14:48:56)
Running from C:\Users\dylan\Downloads
Loaded Profiles: dylan (Available Profiles: dylan & karli)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Enigma Software Group USA, LLC.) C:\Users\dylan\AppData\Local\Temp\esg_uninstall.exe~
() C:\Users\dylan\Downloads\adwcleaner_5.012.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cantaloupe Inc) C:\Users\dylan\AppData\Local\Temp\GPUpd563D10390.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Foundation) C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.7.104.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\dylan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\dylan\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1014736 2014-11-26] (MSI)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-2290322855-991187763-195446925-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-2290322855-991187763-195446925-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55100016 2015-08-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2290322855-991187763-195446925-1001\...\Run: [Akamai NetSession Interface] => C:\Users\dylan\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2290322855-991187763-195446925-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-2290322855-991187763-195446925-1001\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-09-02]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{05a883d4-edd4-4f92-b67c-c8544992ac6d}: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-2290322855-991187763-195446925-1001 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-26] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-26] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-16] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-09-16] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\wpfzzpae.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-16] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-09-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2290322855-991187763-195446925-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dylan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2290322855-991187763-195446925-1001: electronicarts.com/GameFacePlugin -> C:\Users\dylan\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Extension: No Name - C:\Users\dylan\AppData\Roaming\Mozilla\Firefox\Profiles\wpfzzpae.default\extensions\firefox@helper [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=112555&tt=3012_7&babsrc=HP_ss&mntrId=424a69680000000000001c659d9216a6
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1446428912"
CHR DefaultSearchURL: Default -> hxxp://thepiratebay.org/search/{searchTerms}
CHR DefaultSearchKeyword: Default -> thepiratebay.org
CHR Profile: C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-02]
CHR Extension: (Google Docs) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-02]
CHR Extension: (Google Drive) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (AdBlock) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-02]
CHR Extension: (Gmail) - C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162768 2014-11-26] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-07] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
R3 iTurbo; C:\Users\dylan\AppData\Local\Temp\iTurbo.sys [27008 2015-11-04] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-02] (Intel Corporation)
R1 MpKsl00bd761a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95E4F54C-7563-4F1D-ACA7-14B7D1E8763B}\MpKsl00bd761a.sys [44928 2015-11-07] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
U0 vfywi; C:\Windows\System32\drivers\fvdblb.sys [79064 2015-11-05] (Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-07 14:48 - 2015-11-07 14:49 - 00017920 _____ C:\Users\dylan\Downloads\FRST.txt
2015-11-07 14:48 - 2015-11-07 14:48 - 02198528 _____ (Farbar) C:\Users\dylan\Downloads\FRST64.exe
2015-11-07 14:48 - 2015-11-07 14:48 - 00000000 ____D C:\FRST
2015-11-07 14:47 - 2015-11-07 14:47 - 00016148 _____ C:\WINDOWS\system32\DYLANS-PC_dylan_HistoryPrediction.bin
2015-11-06 13:02 - 2015-11-06 13:05 - 00000000 ____D C:\AdwCleaner
2015-11-06 13:02 - 2015-11-06 13:02 - 01682432 _____ C:\Users\dylan\Downloads\adwcleaner_5.012.exe
2015-11-06 12:50 - 2015-11-06 12:50 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2015-11-06 12:50 - 2015-11-06 12:50 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2015-11-06 12:49 - 2015-11-06 12:50 - 00700584 _____ C:\Users\dylan\Downloads\Adware_Removal_Tool_by_TSA.exe
2015-11-06 12:46 - 2015-11-06 12:46 - 00001654 _____ C:\Users\dylan\Desktop\Google Chrome.lnk
2015-11-05 19:12 - 2015-11-05 19:12 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\fvdblb.sys
2015-11-05 17:33 - 2015-11-06 12:40 - 00000000 ____D C:\Users\dylan\AppData\Roaming\Enigma Software Group
2015-11-05 17:33 - 2015-11-05 17:33 - 00000000 _____ C:\autoexec.bat
2015-11-05 17:32 - 2015-11-05 17:32 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\dylan\Downloads\SpyHunter-Installer.exe
2015-11-05 17:32 - 2015-11-05 17:32 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-11-05 17:25 - 2015-11-05 17:25 - 00000000 ___HD C:\OneDriveTemp
2015-11-04 15:00 - 2015-11-04 15:00 - 00000049 _____ C:\Users\dylan\jagex_cl_runescape_LIVE_BETA.dat
2015-11-01 20:15 - 2015-11-01 20:15 - 22908888 _____ (Malwarebytes ) C:\Users\dylan\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-30 17:17 - 2015-10-27 18:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-30 17:17 - 2015-10-27 18:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-30 17:17 - 2015-10-21 07:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-30 17:17 - 2015-10-21 07:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-30 17:17 - 2015-10-21 07:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-30 17:17 - 2015-10-21 07:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-30 17:17 - 2015-10-21 07:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-30 17:17 - 2015-10-21 07:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-30 17:17 - 2015-10-21 06:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-30 17:17 - 2015-10-21 06:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-30 17:17 - 2015-10-21 06:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-30 17:17 - 2015-10-21 06:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-30 17:17 - 2015-10-21 06:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-30 17:17 - 2015-10-21 06:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-30 17:17 - 2015-10-21 06:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-30 17:17 - 2015-10-21 06:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-30 17:17 - 2015-10-21 06:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-30 17:17 - 2015-10-21 06:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-30 17:17 - 2015-10-21 06:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-30 17:17 - 2015-10-21 06:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-30 17:17 - 2015-10-21 06:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-30 17:17 - 2015-10-21 06:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-30 17:17 - 2015-10-21 06:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-30 17:17 - 2015-10-21 00:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-30 17:17 - 2015-10-21 00:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-30 17:17 - 2015-10-21 00:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-30 17:17 - 2015-10-21 00:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-30 17:17 - 2015-10-21 00:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-30 17:17 - 2015-10-21 00:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-30 17:17 - 2015-10-21 00:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-30 17:17 - 2015-10-21 00:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-30 17:17 - 2015-10-20 23:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-30 17:17 - 2015-10-20 23:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-30 17:17 - 2015-10-20 23:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-27 14:11 - 2015-10-27 14:11 - 00000000 ____D C:\Users\dylan\Desktop\OS
2015-10-26 16:53 - 2015-10-26 16:53 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-26 16:53 - 2015-10-26 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-26 09:41 - 2015-10-26 09:42 - 00000000 ____D C:\Users\dylan\AppData\Roaming\.tribot
2015-10-26 09:41 - 2015-10-26 09:41 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-10-26 09:41 - 2015-10-26 09:41 - 00000000 ____D C:\Users\dylan\AppData\Roaming\Sun
2015-10-26 09:41 - 2015-10-26 09:41 - 00000000 ____D C:\Users\dylan\AppData\Roaming\obf.u
2015-10-26 09:41 - 2015-10-26 09:41 - 00000000 ____D C:\Users\dylan\AppData\LocalLow\Sun
2015-10-26 09:41 - 2015-10-26 09:41 - 00000000 ____D C:\Users\dylan\AppData\LocalLow\Oracle
2015-10-26 09:41 - 2015-10-26 09:41 - 00000000 ____D C:\Users\dylan\.oracle_jre_usage
2015-10-26 09:41 - 2015-10-26 09:41 - 00000000 ____D C:\ProgramData\Oracle
2015-10-26 09:41 - 2015-10-26 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-26 09:41 - 2015-10-26 09:41 - 00000000 ____D C:\Program Files\Java
2015-10-26 09:40 - 2015-10-26 09:41 - 57017440 _____ (Oracle Corporation) C:\Users\dylan\Downloads\jre-8u66-windows-x64.exe
2015-10-26 09:38 - 2015-10-26 09:38 - 00089736 _____ C:\Users\dylan\Downloads\TRiBot_Loader.jar
2015-10-25 16:04 - 2015-10-25 16:06 - 00000000 ____D C:\Users\dylan\OSBuddy
2015-10-25 16:04 - 2015-10-25 16:04 - 00880432 _____ C:\Users\dylan\Downloads\OSBuddy.exe
2015-10-23 10:36 - 2015-10-23 10:36 - 00000000 ____D C:\ProgramData\ATI
2015-10-22 14:31 - 2015-11-04 17:16 - 00000044 _____ C:\Users\dylan\jagex_cl_oldschool_LIVE.dat
2015-10-22 14:31 - 2015-10-22 14:31 - 00000000 ____D C:\Users\dylan\.jagex_cache_32
2015-10-22 14:15 - 2015-10-22 14:15 - 00000000 ____D C:\Users\dylan\AppData\Local\AMD
2015-10-22 14:14 - 2015-11-04 15:23 - 00000044 _____ C:\Users\dylan\jagex_cl_runescape_LIVE.dat
2015-10-22 14:14 - 2015-11-04 15:04 - 00000024 _____ C:\Users\dylan\jagexappletviewer.preferences
2015-10-22 14:14 - 2015-10-26 09:43 - 00000000 ____R C:\Users\dylan\random.dat
2015-10-22 14:14 - 2015-10-22 14:14 - 00000000 ____D C:\.jagex_cache_32
2015-10-22 14:13 - 2015-10-22 14:31 - 00000000 ____D C:\Users\dylan\jagexcache
2015-10-22 14:13 - 2015-10-22 14:13 - 24219648 _____ C:\Users\dylan\Downloads\RuneScape.msi
2015-10-22 14:13 - 2015-10-22 14:13 - 00002106 _____ C:\Users\dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2015-10-22 14:13 - 2015-10-22 14:13 - 00000000 ____D C:\Users\dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2015-10-21 18:46 - 2015-10-21 18:46 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510211946146951.log
2015-10-21 18:46 - 2015-10-21 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-10-21 18:46 - 2015-10-21 18:46 - 00000000 ____D C:\Program Files\ATI Technologies
2015-10-21 18:44 - 2015-10-21 18:44 - 00061037 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510211944390163.log
2015-10-21 18:44 - 2015-10-21 18:44 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-10-21 18:44 - 2015-10-21 18:44 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-10-21 18:44 - 2015-10-21 18:44 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-10-21 18:44 - 2015-10-21 18:44 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-10-21 18:43 - 2015-10-21 18:43 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 39712768 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-10-21 18:43 - 2015-10-21 18:43 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-10-21 18:43 - 2015-10-21 18:43 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00833800 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-10-21 18:43 - 2015-10-21 18:43 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 00662392 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-10-21 18:43 - 2015-10-21 18:43 - 00662392 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-10-21 18:43 - 2015-10-21 18:43 - 00631280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00471312 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2015-10-21 18:43 - 2015-10-21 18:43 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2015-10-21 18:43 - 2015-10-21 18:43 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00138376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00110312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-10-21 18:43 - 2015-10-21 18:43 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00087992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00081168 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-10-21 18:43 - 2015-10-21 18:43 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin
2015-10-21 18:43 - 2015-10-21 18:43 - 00043536 _____ C:\WINDOWS\system32\kapp_si.sbin
2015-10-21 18:43 - 2015-10-21 18:43 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-10-21 18:43 - 2015-10-21 18:43 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-10-20 00:03 - 2015-10-20 00:03 - 00016148 _____ C:\WINDOWS\system32\DYLANS-PC_karli_HistoryPrediction.bin
2015-10-19 15:36 - 2015-10-19 15:36 - 00000000 ____D C:\Users\karli\AppData\Local\Apple
2015-10-19 09:28 - 2015-10-19 09:28 - 00000000 ____D C:\Users\karli\AppData\Roaming\Macromedia
2015-10-17 19:12 - 2015-10-17 19:13 - 19384008 _____ (Adobe Systems Incorporated) C:\Users\dylan\Downloads\flashplayer19_install_win_ppapi.exe
2015-10-17 18:57 - 2015-11-06 12:44 - 00000000 ____D C:\Users\dylan\AppData\Roaming\Opera Software
2015-10-17 18:57 - 2015-11-06 12:44 - 00000000 ____D C:\Users\dylan\AppData\Local\Opera Software
2015-10-17 18:57 - 2015-11-06 12:44 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-17 18:57 - 2015-10-17 18:57 - 00724384 _____ (Opera Software) C:\Users\dylan\Downloads\Opera_NI_stable.exe
2015-10-17 18:39 - 2015-10-19 04:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-17 17:10 - 2015-11-07 14:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-17 17:10 - 2015-11-05 17:45 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-17 17:09 - 2015-10-17 17:09 - 00000000 ____D C:\Users\dylan\AppData\Roaming\Electronic Arts
2015-10-17 17:06 - 2015-10-17 17:09 - 09091423 _____ (Electronic Arts) C:\Users\dylan\Desktop\GameFaceBrowserPluginInstaller.1.8.0.0.exe
2015-10-17 17:06 - 2015-10-17 17:06 - 09085877 _____ (Electronic Arts) C:\Users\dylan\Downloads\gamefacebrowserplugininstaller.1.5.3.0.exe
2015-10-13 16:09 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 16:09 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 16:09 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 16:09 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 16:09 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 16:09 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 16:09 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 16:09 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 16:09 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 16:09 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 16:09 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 16:09 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 16:09 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 16:09 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 16:09 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 16:09 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 16:09 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 16:09 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 16:09 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 16:09 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 16:09 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 16:09 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 16:09 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 16:09 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 16:09 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 16:09 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-13 16:08 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 16:08 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 16:08 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 16:08 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 16:08 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 16:08 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 16:08 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 16:08 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 16:08 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 16:08 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 16:08 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 16:08 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 16:08 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 16:08 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 16:08 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 16:08 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 16:08 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 16:08 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 16:08 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 16:08 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 16:08 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 16:08 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 16:08 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 16:08 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 16:08 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 16:08 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 16:08 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 16:08 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 16:08 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 16:08 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 16:08 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 16:08 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-12 17:14 - 2015-10-12 17:14 - 00075340 _____ C:\Users\dylan\Downloads\functional requirements.htm
2015-10-12 17:14 - 2015-10-12 17:14 - 00000000 ____D C:\Users\dylan\Downloads\functional requirements_files
2015-10-12 16:22 - 2015-10-12 16:22 - 00929872 _____ (Google Inc.) C:\Users\dylan\Downloads\ChromeSetup.exe
2015-10-12 16:07 - 2015-10-12 16:07 - 00001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-10-12 16:07 - 2015-10-12 16:07 - 00000000 ____D C:\Users\dylan\AppData\Local\VS Revo Group
2015-10-12 16:07 - 2015-10-12 16:07 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-10-12 16:07 - 2015-10-12 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-10-12 16:07 - 2015-10-12 16:07 - 00000000 ____D C:\Program Files\VS Revo Group
2015-10-12 16:07 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-10-12 16:06 - 2015-10-12 16:07 - 11069616 _____ (VS Revo Group ) C:\Users\dylan\Downloads\RevoUninProSetup.exe
2015-10-12 15:41 - 2015-10-15 14:53 - 00000000 ____D C:\Users\dylan\Desktop\Lecture PDF's
2015-10-12 15:33 - 2015-11-06 12:41 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-12 15:33 - 2015-11-01 20:16 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-12 15:33 - 2015-11-01 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-12 15:33 - 2015-11-01 20:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-12 15:33 - 2015-10-12 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-12 15:33 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-12 15:33 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-12 15:33 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-12 15:32 - 2015-10-12 15:32 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\dylan\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-10-12 15:18 - 2015-10-12 15:18 - 00000000 ____D C:\Program Files (x86)\Application Defender
2015-10-08 16:33 - 2015-10-12 15:56 - 00000000 ____D C:\Users\dylan\AppData\Roaming\Interstat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-07 14:48 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-07 14:40 - 2015-09-02 12:28 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 14:27 - 2015-09-07 18:52 - 00000000 ____D C:\Users\dylan\AppData\Roaming\Skype
2015-11-07 14:26 - 2015-09-09 14:45 - 00000000 ____D C:\Users\dylan\AppData\Local\Akamai
2015-11-07 14:25 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-06 20:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-06 15:40 - 2015-09-02 12:28 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-05 19:12 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-11-05 18:41 - 2015-10-06 19:28 - 00000000 ___RD C:\Users\dylan\AppData\Roaming\Mozilla
2015-11-05 17:25 - 2015-09-07 14:32 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-05 17:25 - 2015-09-02 12:09 - 00000000 ___RD C:\Users\dylan\OneDrive
2015-11-04 16:26 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-04 15:00 - 2015-09-02 13:16 - 00000000 ____D C:\Users\dylan
2015-11-01 22:44 - 2015-09-02 13:24 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-01 20:47 - 2015-09-02 12:26 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2D7AC54D-D5D4-4CD4-9B61-7ED5DDFD5F9E}
2015-11-01 20:43 - 2015-09-02 13:11 - 00208318 _____ C:\WINDOWS\PFRO.log
2015-11-01 20:43 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-01 20:43 - 2015-07-10 07:20 - 00015683 _____ C:\WINDOWS\setupact.log
2015-11-01 20:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\tracing
2015-11-01 20:43 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-01 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-30 18:42 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-30 17:06 - 2015-09-02 13:30 - 00002373 _____ C:\Users\dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-27 14:22 - 2015-09-07 14:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-26 16:53 - 2015-09-11 11:08 - 00000000 ____D C:\Program Files\iTunes
2015-10-26 16:53 - 2015-09-11 11:08 - 00000000 ____D C:\Program Files\iPod
2015-10-26 16:53 - 2015-09-11 11:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-26 16:53 - 2015-09-11 11:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-22 18:11 - 2015-09-16 14:17 - 00000000 ____D C:\Users\dylan\Desktop\AutoCad Drawings
2015-10-21 18:46 - 2015-09-02 13:14 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-10-21 18:45 - 2015-09-02 13:14 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-21 18:44 - 2015-09-02 13:13 - 00000000 ____D C:\AMD
2015-10-21 18:43 - 2015-08-20 23:51 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 10211008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 08982440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 07482552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 01223552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 00130072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-10-21 18:43 - 2015-08-20 23:51 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-10-21 18:43 - 2015-08-20 23:46 - 30776304 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-10-21 18:43 - 2015-08-20 23:46 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-10-21 18:43 - 2015-08-20 23:46 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-10-21 18:43 - 2015-08-20 23:46 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-10-21 18:43 - 2015-08-20 23:46 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-10-21 18:43 - 2015-08-20 23:46 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-10-21 18:43 - 2015-08-20 23:46 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-10-21 18:43 - 2015-08-20 23:46 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-10-21 18:43 - 2015-08-20 23:46 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-10-21 18:43 - 2015-08-20 23:46 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-10-21 17:32 - 2015-09-16 14:16 - 00000000 ____D C:\Users\dylan\AppData\Local\cache
2015-10-20 00:03 - 2015-09-21 16:46 - 00000000 ____D C:\Users\karli\OneDrive
2015-10-19 09:28 - 2015-09-21 20:32 - 00000000 ____D C:\Users\karli\AppData\Local\cache
2015-10-19 04:19 - 2015-10-06 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-15 22:10 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-15 22:10 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 13:58 - 2015-09-07 13:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 13:52 - 2015-09-07 13:31 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-12 15:52 - 2015-09-11 18:06 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-10-12 15:25 - 2015-09-02 12:26 - 00000000 __SHD C:\Users\dylan\AppData\Local\EmieUserList
2015-10-12 15:25 - 2015-09-02 12:26 - 00000000 __SHD C:\Users\dylan\AppData\Local\EmieSiteList
 
==================== Files in the root of some directories =======
 
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\dylan\AppData\Roaming\Ie49D7SU3YFTMgH4B6
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\dylan\AppData\Roaming\L1NmEZEC3qCB0Xvy3oL4aa
2015-09-02 13:37 - 2015-09-02 13:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-09 21:56 - 2015-09-09 21:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\dylan\AppData\Local\Temp\AcDeltree.exe
C:\Users\dylan\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\dylan\AppData\Local\Temp\AutoWifi.exe
C:\Users\dylan\AppData\Local\Temp\C9FD.tmp.exe
C:\Users\dylan\AppData\Local\Temp\devcon64.exe
C:\Users\dylan\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\dylan\AppData\Local\Temp\GPUpd5616E12B0.exe
C:\Users\dylan\AppData\Local\Temp\GPUpd561C15910.exe
C:\Users\dylan\AppData\Local\Temp\GPUpd5624B5640.exe
C:\Users\dylan\AppData\Local\Temp\GPUpd5627EA290.exe
C:\Users\dylan\AppData\Local\Temp\GPUpd562B65820.exe
C:\Users\dylan\AppData\Local\Temp\GPUpd562E81A90.exe
C:\Users\dylan\AppData\Local\Temp\GPUpd563A6D390.exe
C:\Users\dylan\AppData\Local\Temp\GPUpd563D10390.exe
C:\Users\dylan\AppData\Local\Temp\sqlite3.dll
C:\Users\karli\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-30 13:09
 
==================== End of FRST.txt ============================
 
 
 
ADDITION:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by dylan (2015-11-07 14:49:17)
Running from C:\Users\dylan\Downloads
Windows 10 Home (X64) (2015-09-02 18:26:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2290322855-991187763-195446925-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2290322855-991187763-195446925-503 - Limited - Disabled)
dylan (S-1-5-21-2290322855-991187763-195446925-1001 - Administrator - Enabled) => C:\Users\dylan
Guest (S-1-5-21-2290322855-991187763-195446925-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2290322855-991187763-195446925-1003 - Limited - Enabled)
karli (S-1-5-21-2290322855-991187763-195446925-1005 - Limited - Enabled) => C:\Users\karli
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.195 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2290322855-991187763-195446925-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX450 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series) (Version: 1.00 - Canon Inc.)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-2290322855-991187763-195446925-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HIS iTurbo (HKLM-x32\...\HIS iTurbo) (Version:  - )
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.027 - MSI)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Patch testing for Chivalry (HKLM-x32\...\Steam App 232210) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-2290322855-991187763-195446925-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2290322855-991187763-195446925-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2290322855-991187763-195446925-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\dylan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2290322855-991187763-195446925-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2290322855-991187763-195446925-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2290322855-991187763-195446925-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Restore Points =========================
 
30-10-2015 18:42:13 Windows Update
01-11-2015 20:52:22 Revo Uninstaller Pro's restore point - protectedio toolbar
05-11-2015 18:33:03 Revo Uninstaller Pro's restore point - 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13EB26D8-C2BE-4E74-9757-5D3D01B31C19} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {18F851D1-CE96-4FDF-8DDF-F6DD9E73C6B1} - System32\Tasks\Application Defender Uninstaller => C:\Program Files (x86)\Application Defender\ApplicationDefender.exe [2015-10-12] (Backup Updater) <==== ATTENTION
Task: {1D0AB742-5BE1-440E-8B35-F66EBF26E240} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {3778B9E1-A001-49AA-8E8D-8EE593BF17D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {59E019F8-3BB0-4392-82DF-13D0D2250536} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5B7DC21C-F913-41E1-8EB9-2145CC92BA5E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {655BBBDD-8C7A-4B6B-B56C-D271359DF889} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {65F59217-A2C0-453C-8392-985A0AD4BC51} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6A8B56DF-D47D-4359-9262-776CB1519C99} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-05] (Adobe Systems Incorporated)
Task: {769F07C4-857E-4D0F-87F6-209A7538999B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CBCDE2E-0315-46D2-B7AE-5FD8C3E460FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {BF5B2219-A2BA-4A3E-AE08-F584C99D2430} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation)
Task: {C17F2FAA-4802-4E1D-AE65-5F394B05CF5A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D2F44A0C-27EE-49C5-902B-DF3767A5C41E} - System32\Tasks\Megasoft Security Uninstaller => C:\Program Files (x86)\Megasoft Security\jptask.exe <==== ATTENTION
Task: {F719B2CE-4F06-4B86-A937-E3694908526B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {F73EF9AB-8483-4F95-97FB-B335A5E5FBD1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {FEC61D43-5371-4EE1-A148-A6FC54AD279D} - System32\Tasks\Full Cleaner => C:\Users\dylan\AppData\Roaming\Full Cleaner\Full Cleaner.exe [2015-10-07] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-02 14:08 - 2015-09-02 14:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00209712 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 15:01 - 2014-08-25 15:01 - 00057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-08-25 15:01 - 2014-08-25 15:01 - 00037168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-09-02 14:08 - 2015-09-02 14:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-07 14:22 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-30 15:02 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-16 14:25 - 2015-09-16 14:25 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\AppVIsvStream64.dll
2013-02-04 23:21 - 2013-02-04 23:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-04 23:21 - 2013-02-04 23:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-02-04 23:21 - 2013-02-04 23:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-04 23:21 - 2013-02-04 23:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-09-02 14:01 - 2014-03-14 10:23 - 00847872 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2015-10-22 10:58 - 2015-10-22 10:58 - 03498496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1510.13020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-11-06 13:02 - 2015-11-06 13:02 - 01682432 _____ () C:\Users\dylan\Downloads\adwcleaner_5.012.exe
2015-09-30 15:02 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-27 14:21 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-09-30 15:02 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-30 15:02 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-09-30 15:01 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-30 15:01 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 15:02 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-11-06 20:13 - 2015-11-06 20:13 - 00015360 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.7.104.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2015-09-07 14:33 - 2015-10-05 11:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-07 14:32 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-07 14:33 - 2015-10-14 15:56 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-07 14:32 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-07 14:32 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-07 14:32 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-07 14:32 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-07 14:32 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-07 14:32 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-07 14:32 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-07 14:32 - 2015-10-14 15:56 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-09-07 14:32 - 2015-10-09 13:13 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-09-02 14:01 - 2014-03-14 10:16 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2015-09-02 14:01 - 2014-03-14 10:25 - 00194560 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2015-09-02 14:01 - 2014-03-14 10:28 - 00139264 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2015-09-02 14:01 - 2014-03-14 10:28 - 00116224 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2015-09-07 14:32 - 2015-10-08 17:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-10-27 14:21 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-23 10:40 - 2015-10-20 09:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-23 10:40 - 2015-10-20 09:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2015-10-23 10:40 - 2015-10-20 09:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll
2015-11-06 20:13 - 2015-11-06 20:13 - 10620928 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.7.104.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2015-11-05 17:31 - 2015-11-05 17:31 - 00938496 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.7.104.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2015-10-12 15:22 - 2015-10-12 15:22 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.7.104.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2290322855-991187763-195446925-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2739A034-0CE3-4A6B-B3C3-B35FCA2D84FF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{26CD30C1-9997-4695-AC94-29689B83D8EC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2536A98C-6DD7-4965-8368-496173BC0935}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BE45633E-ACB2-48D4-AA43-BFDB58462FC6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F1DD7DD8-4A2A-417E-A851-71CE9477771D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4F11F8C7-41B2-404F-93E7-F562282747AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A8BC8C5A-E106-4EB5-BF0F-5AB4E80A8BE5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A8844198-BC18-4489-8ADA-5A7A95C485F8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D21548BA-F939-42F6-AE61-242243ACE446}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FCA5DB37-0F1B-4113-9BCD-BAA5DE28D7EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E6B8E023-9C90-40F8-BF88-A2FE33D1DB71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{313EE697-327B-4DE5-9C74-CB6901EBB30F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{D68115C6-B969-4897-B7D8-AFF82EAE3C94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{DB96229F-12BF-4543-B110-7E6CE4115B3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{5E951E2F-DF79-4381-B6F2-2C4CF756A57C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{35AB0D86-A9BF-4703-8098-6039FE274FFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{AFE2FF51-36CB-4437-9399-DD9961DBA835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{89AE06CD-F8B3-45B0-8059-CB5D19206514}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{92DEFF4F-8667-4889-82F6-EDE3CEAC747D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{DB4DCB68-F2B4-4583-AF90-A7C971A9D433}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{7AB25EFD-5076-4A08-8560-A41630C300C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{C9AACBD7-1270-45C3-9D21-3598C6BFFA32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{7F64DEC0-6E20-4BE3-9819-63AC34483E2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{222551F9-AD83-49BE-8411-EE61494051F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{F50E08B1-5507-4CBC-BE2B-323D109CF54B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{399EEC7E-2431-4DBF-9197-E2833EDA662D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{3CB7985F-5D87-4B10-8E12-8F218FB8E900}C:\users\dylan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dylan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E2E8788C-4308-42E9-86DA-30E862EF227F}C:\users\dylan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dylan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{1913A2E4-ECFC-4ABC-9DFB-654E86744035}] => (Block) C:\users\dylan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{08CF33B3-74B2-4825-B97C-A4E1BFA04E7C}] => (Block) C:\users\dylan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E4AEE6EE-24D3-47EE-B310-6A8473E591E7}] => (Allow) LPort=50248
FirewallRules: [{CB3765E1-C1FC-409D-8234-D10D06A4E431}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D7364BB5-C784-4457-9EC8-BF6F2F5C5785}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8EDD91B2-095D-4527-ACB2-C26AA4DDA7F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11781CC7-8EBE-4DA2-8155-1CDF1FAF1BBF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{96912F93-1751-40CE-88C1-0385EF45BC0C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0A49E441-9DEC-4B20-AF6F-DCE2613F5F11}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F7AE008F-78A0-42BD-93BF-451887672B8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7192E699-00D5-47EA-B93C-41E4ED86F8B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86D17880-9854-4423-9F30-56E596CDE7BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{33565D38-F88F-4762-851A-1B15EDF7E5B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/07/2015 02:26:24 PM) (Source: MsiInstaller) (EventID: 11310) (User: DYLANS-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\dylan\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (11/07/2015 02:25:20 PM) (Source: MsiInstaller) (EventID: 11310) (User: DYLANS-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\dylan\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (11/07/2015 01:54:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4406
 
Error: (11/07/2015 01:54:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4406
 
Error: (11/07/2015 01:54:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/07/2015 01:53:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3312
 
Error: (11/07/2015 01:53:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3312
 
Error: (11/07/2015 01:53:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/07/2015 01:53:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2234
 
Error: (11/07/2015 01:53:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2234
 
 
System errors:
=============
Error: (11/07/2015 01:20:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (11/06/2015 04:46:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (11/06/2015 04:46:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 4 0x0 0x0
 
Error: (11/06/2015 04:46:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 
Error: (11/06/2015 01:42:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (11/06/2015 01:04:16 PM) (Source: DCOM) (EventID: 10010) (User: DYLANS-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
 
Error: (11/06/2015 01:02:16 PM) (Source: DCOM) (EventID: 10010) (User: DYLANS-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
 
Error: (11/06/2015 01:00:16 PM) (Source: DCOM) (EventID: 10010) (User: DYLANS-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
 
Error: (11/06/2015 12:58:16 PM) (Source: DCOM) (EventID: 10010) (User: DYLANS-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
 
Error: (11/06/2015 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: DYLANS-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
 
 
CodeIntegrity:
===================================
  Date: 2015-11-07 14:48:35.836
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-07 14:48:35.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-06 13:02:44.916
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-06 13:02:44.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-06 13:02:33.827
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-06 13:02:33.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-06 12:45:35.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-06 12:45:35.143
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-05 17:49:42.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-05 17:49:42.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 20%
Total physical RAM: 16328.02 MB
Available physical RAM: 12899.42 MB
Total Virtual: 18760.02 MB
Available Virtual: 14420.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.73 GB) (Free:856.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB4FB182)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#4 shelf life

  • Malware Response Team

Posted 08 November 2015 - 09:38 AM

Ok, thanks for the info. Let's go right to two adware-type tools.

Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Double-click the icon, or right-click for Vista/W7,8 and select Run as administrator.
    The tool will open. Press Enter to start the scan.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

Next: Please download AdwCleaner and save it to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right-click AdwCleaner.exe and select "run as admin".
    Accept the disclaimer.
    Click on the Scan button.
    Once the scan is done, click the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.




#5 D-My

  • Topic Starter


Posted 09 November 2015 - 04:25 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x64
Ran by dylan on Mon 11/09/2015 at 15:58:22.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Public\qiyi
 
 
 
~~~ Chrome
 
 
[C:\Users\dylan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\dylan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\dylan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\dylan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/09/2015 at 16:01:20.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v5.019 - Logfile created 09/11/2015 at 16:03:42
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : dylan - DYLANS-PC
# Running from : C:\Users\dylan\Desktop\virus removal\adwcleaner_5.019.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\dylan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://search.babylon.com/?affID=112555&tt=3012_7&babsrc=HP_ss&mntrId=424a69680000000000001c659d9216a6
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [787 bytes] ##########
 


#6 shelf life

  • Malware Response Team

Posted 09 November 2015 - 06:40 PM

Ok. We will use FRST to remove some items. Copy/paste what's below in the box into Notepad.

Save it as fixlist.txt in the same location you have FRST.

Start FRST like before, except this time click on the Fix button once. The machine may reboot to finish. On reboot you will find a fixlog.txt in the same location as FRST. Please copy/paste the fixlog.txt in your reply.

SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-2290322855-991187763-195446925-1001 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=112555&tt=3012_7&babsrc=HP_ss&mntrId=424a69680000000000001c659d9216a6
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1446428912"
CHR DefaultSearchURL: Default -> hxxp://thepiratebay.org/search/{searchTerms}
CHR DefaultSearchKeyword: Default -> thepiratebay.org
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\dylan\AppData\Roaming\Ie49D7SU3YFTMgH4B6
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\dylan\AppData\Roaming\L1NmEZEC3qCB0Xvy3oL4aa
2015-09-02 13:37 - 2015-09-02 13:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-09 21:56 - 2015-09-09 21:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Task: {13EB26D8-C2BE-4E74-9757-5D3D01B31C19} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {18F851D1-CE96-4FDF-8DDF-F6DD9E73C6B1} - System32\Tasks\Application Defender Uninstaller => C:\Program Files (x86)\Application Defender\ApplicationDefender.exe [2015-10-12] (Backup Updater) <==== ATTENTION
C:\Program Files (x86)\Application Defender\ApplicationDefender.exe
EmptyTemp:






#7 D-My

Posted 11 November 2015 - 03:18 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by dylan (2015-11-11 15:11:36) Run:1
Running from C:\Users\dylan\Desktop\FRST
Loaded Profiles: dylan (Available Profiles: dylan & karli)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-2290322855-991187763-195446925-1001 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=112555&tt=3012_7&babsrc=HP_ss&mntrId=424a69680000000000001c659d9216a6
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1446428912"
CHR DefaultSearchURL: Default -> hxxp://thepiratebay.org/search/{searchTerms}
CHR DefaultSearchKeyword: Default -> thepiratebay.org
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\dylan\AppData\Roaming\Ie49D7SU3YFTMgH4B6
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\dylan\AppData\Roaming\L1NmEZEC3qCB0Xvy3oL4aa
2015-09-02 13:37 - 2015-09-02 13:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-09 21:56 - 2015-09-09 21:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Task: {13EB26D8-C2BE-4E74-9757-5D3D01B31C19} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {18F851D1-CE96-4FDF-8DDF-F6DD9E73C6B1} - System32\Tasks\Application Defender Uninstaller => C:\Program Files (x86)\Application Defender\ApplicationDefender.exe [2015-10-12] (Backup Updater) <==== ATTENTION
?C:\Program Files (x86)\Application Defender\ApplicationDefender.exe
?EmptyTemp:
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2290322855-991187763-195446925-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\dylan\AppData\Roaming\Ie49D7SU3YFTMgH4B6 => moved successfully
C:\Users\dylan\AppData\Roaming\L1NmEZEC3qCB0Xvy3oL4aa => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13EB26D8-C2BE-4E74-9757-5D3D01B31C19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13EB26D8-C2BE-4E74-9757-5D3D01B31C19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18F851D1-CE96-4FDF-8DDF-F6DD9E73C6B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18F851D1-CE96-4FDF-8DDF-F6DD9E73C6B1}" => key removed successfully
C:\WINDOWS\System32\Tasks\Application Defender Uninstaller => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Application Defender Uninstaller" => key removed successfully
?C:\Program Files (x86)\Application Defender\ApplicationDefender.exe => Error: No automatic fix found for this entry.
?EmptyTemp: => Error: No automatic fix found for this entry.
 
==== End of Fixlog 15:11:36 ====
 
(Still not fixed.) Thank you for the help, btw.
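
An added example, not part of the original posts or of FRST: a small checker for the fixlist/Fixlog round trip shown above. The two entries that failed with "No automatic fix found for this entry" arrive in the Fixlog with a leading `?`; the script assumes this comes from an invisible character copied along with the text from the web page, so it lists failed entries and flags hidden characters in a fixlist before it is run. The sample strings and the `{GUID}` task line are constructed.

```python
import unicodedata

# Constructed sample in the Fixlog format shown above (not the full log).
SAMPLE_FIXLOG = "\n".join([
    "fixlist content:",
    "*****************",
    "Task: {GUID} - System32\\Tasks\\Example => C:\\Example\\example.exe <==== ATTENTION",
    "?EmptyTemp:",
    "*****************",
    "Chrome HomePage => removed successfully",
    "C:\\ProgramData\\DP45977C.lfl => moved successfully",
    "?EmptyTemp: => Error: No automatic fix found for this entry.",
])

# Constructed fixlist: the second directive starts with U+200B (zero width space).
SAMPLE_FIXLIST = "CHR DefaultSearchKeyword: Default -> thepiratebay.org\n\u200bEmptyTemp:"

def failed_entries(fixlog_text):
    """Return the entries that FRST reported without a '... successfully' result."""
    failed, in_echo = [], False
    for line in fixlog_text.splitlines():
        stripped = line.strip()
        if stripped and set(stripped) == {"*"}:
            in_echo = not in_echo  # asterisk rows bracket the echoed fixlist; skip it
            continue
        entry, sep, result = line.rpartition(" => ")
        if sep and not in_echo and not result.rstrip().endswith("successfully"):
            failed.append(entry)
    return failed

def is_hidden(ch):
    """True for invisible format (Cf) or control (Cc) characters, tab excepted."""
    return unicodedata.category(ch) in ("Cf", "Cc") and ch != "\t"

def audit_fixlist(fixlist_text):
    """Map 1-based line number -> [(index, Unicode name)] for lines with hidden characters."""
    report = {}
    for n, line in enumerate(fixlist_text.splitlines(), start=1):
        hits = [(i, unicodedata.name(ch, f"U+{ord(ch):04X}"))
                for i, ch in enumerate(line) if is_hidden(ch)]
        if hits:
            report[n] = hits
    return report

def clean_fixlist(fixlist_text):
    """Remove hidden characters so every directive starts with its own first letter."""
    return "\n".join("".join(ch for ch in line if not is_hidden(ch))
                     for line in fixlist_text.splitlines())

if __name__ == "__main__":
    print(failed_entries(SAMPLE_FIXLOG))
    print(audit_fixlist(SAMPLE_FIXLIST))
```

Entries that `failed_entries` returns were not applied, so they need to be resubmitted in a cleaned fixlist rather than assumed done.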


#8 shelf life

Posted 11 November 2015 - 05:30 PM

OK, so it still shows up? In one browser or both, assuming you mean it's changing your start page in your browser? Or are you getting popup ads, redirection to other webpages, or both?

Please download RogueKiller.exe and save to the desktop.


    http://www.bleepingcomputer.com/download/roguekiller/
 
    Close all windows and browsers
    Right-click the program and select 'Run as Administrator'
    Accept the EULA. The tool will open up a webpage you can read or close it.
    A prescan will start automatically. When the prescan is done: press the Scan button.
    When the scan is done press the Report button. At the new window click on the Open TXT button.
    Save the txt to your desktop and copy/paste the txt report in your next reply.

    Don't fix anything yet. Not everything listed is bad.

    File>Quit to exit RogueKiller




#9 D-My

Posted 13 November 2015 - 07:41 PM

RogueKiller V10.11.5.0 [Nov  9 2015] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : dylan [Administrator]
Started from : C:\Users\dylan\Desktop\virus removal\RogueKiller.exe
Mode : Scan -- Date : 11/13/2015 19:39:44
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] Full Cleaner.exe(2708) -- C:\Users\dylan\AppData\Roaming\Full Cleaner\Full Cleaner.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2290322855-991187763-195446925-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1447195687  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2290322855-991187763-195446925-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1447195687  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] wpfzzpae.default : user_pref("browser.startup.homepage", "https://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1447022145"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 50b2c26261c2c90544b1f0a6b5ea20f6
[BSP] 02d1674b99c6d6c04aa2076a63f0b50e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953067 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 1f65efde634a8a9293ce0cd5bddb27c5
[BSP] eef0f062bd962ae11bff7e2fe30e52dc : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 3820 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


#10 shelf life

Posted 14 November 2015 - 10:22 AM

ok. Good.

Rerun RogueKiller like before; after the prescan, click on the Scan button. When done, make sure a checkmark is placed next to each of these items only:

Processes Tab

[Suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] Full Cleaner.exe(2708) -- C:\Users\dylan\AppData\Roaming\Full Cleaner\Full Cleaner.exe[-] -> Killed [TermProc]

Registry Tab

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2290322855-991187763-195446925-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1447195687  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2290322855-991187763-195446925-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1447195687  -> Found

Web browsers Tab:
[PUM.HomePage][FIREFX:Config] wpfzzpae.default : user_pref("browser.startup.homepage", "https://search.protectedio.com/?u=35d57617b859fac3a9c42cf4f8ce5be7&c=p1&src=hp&inst=1447022145"); -> Found

Last: click the delete button. Machine may reboot to finish.






