Adware keeps coming back even after complete removal


  • This topic is locked
5 replies to this topic

#1 twiggle

twiggle

  • Members
  • 2 posts

Posted 30 November 2015 - 07:02 PM

Hi, so here is my problem: This virus (I guess it's adware? not completely sure) keeps coming back. It hijacks my proxy settings and when I browse the web ads pop up in different browsers.

 

I have looked up countless forum posts on here, have followed other directions (run adwcleaner, junkware removal, minitoolbox, malwarebytes, etc, etc).

I run them, they get rid of the virus, and everything goes smoothly from there on out. Here's the thing: 2-5 days later, it comes back out of nowhere! (and it's the same virus)

 

From my observations the obvious virus/adware that keeps coming back is:

"Jelbruss secure web"

and "PrivoxyService"

 

I delete them with the antiviruses listed above, and then re-scan and they say everything is great. Then, like I said before, 2-5 days later they come back.

 

Any help would be appreciated, thank you  :thumbup2:




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts

Posted 30 November 2015 - 07:19 PM

Hello twiggle and welcome to BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Addition.txt
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely. :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 twiggle

twiggle
  • Topic Starter

  • Members
  • 2 posts

Posted 30 November 2015 - 11:31 PM

Hi, thanks for responding. 

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by Matthew (administrator) on MATTHEW (30-11-2015 21:22:09)
Running from C:\Users\Matthew\Desktop
Loaded Profiles: Matthew (Available Profiles: Matthew & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\NFC Proxy Service\bin\NFCProxyService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Optical TrackPad\OTPCmd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.652.0.0_x86__kgqvnymyfvs32\candycrushsaga.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcchhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\OBS\OBS.exe
() C:\Program Files\OBS\plugins\CLRHostPlugin\CLRBrowserSourcePlugin\CLRBrowserSourceClient.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1233040 2012-11-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1233040 2012-11-07] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OTPCmd] => C:\Program Files (x86)\Optical TrackPad\OTPCmd.exe [6597184 2012-09-05] ()
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Matthew\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\...\Run: [f.lux] => C:\Users\Matthew\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\...\RunOnce: [Uninstall C:\Users\Matthew\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Matthew\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{19f6baba-7a0e-4883-891b-e90842dcefe8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{f25cb03b-1f45-4478-a4c7-29dfd94b153a}: [DhcpNameServer] 192.168.0.1 205.171.2.65
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-3974373492-2608816228-2528439974-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-3974373492-2608816228-2528439974-1001 -> DefaultScope {64B2EB7C-7F5E-4314-8019-E8FBCC235652} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-21] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-11-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-09-28] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-22] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-22] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3974373492-2608816228-2528439974-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matthew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3974373492-2608816228-2528439974-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Matthew\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3974373492-2608816228-2528439974-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Matthew\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin HKU\S-1-5-21-3974373492-2608816228-2528439974-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\protectedIO.xml [2015-11-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2014-06-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-13] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-07-07]
CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (FrankerFaceZ) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2015-10-05]
CHR Extension: (SiteAdvisor) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-02]
CHR Extension: (Google Docs Offline) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (ReChat for Twitch™) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2015-10-22]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-03-31]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-07-29]
CHR Extension: (deviantART muro) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2014-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-21]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-21]
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-08] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-22] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-22] (Intel Corporation)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2015-11-21] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 NFCProxyService; C:\Program Files (x86)\Sony\NFC Proxy Service\bin\NFCProxyService.exe [470528 2011-11-15] (Sony Corporation) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-11-07] (Sony Corporation)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 OTGMouUSB; C:\Windows\system32\DRIVERS\OTGMouUSB.sys [22592 2012-08-22] (CRUCIALTEC Co.,Ltd.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [29352 2015-11-20] ()
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-29] ()
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 sonyfelicaportm; C:\Windows\System32\Drivers\sonyfelicaportm.sys [45160 2012-07-26] (Sony Corporation)
R3 sonynfcport100c; C:\Windows\System32\Drivers\sonynfcport100c.sys [62056 2012-06-29] (Sony Corporation)
R3 sonynfcport100f; C:\Windows\System32\Drivers\sonynfcport100f.sys [647784 2012-08-29] (Sony Corporation)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 Fonuslx; drv.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-30 21:22 - 2015-11-30 21:22 - 00030592 _____ C:\Users\Matthew\Desktop\FRST.txt
2015-11-30 21:21 - 2015-11-30 21:22 - 00000000 ____D C:\FRST
2015-11-30 21:20 - 2015-11-30 21:21 - 02350080 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
2015-11-30 21:20 - 2015-11-30 21:20 - 02350080 _____ (Farbar) C:\Users\Matthew\Downloads\FRST64.exe
2015-11-30 19:49 - 2015-11-30 19:49 - 00016148 _____ C:\WINDOWS\system32\MATTHEW_Matthew_HistoryPrediction.bin
2015-11-30 19:27 - 2015-11-30 19:27 - 00000222 _____ C:\Users\Matthew\Desktop\Downwell.url
2015-11-30 17:15 - 2015-11-30 17:15 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-30 14:57 - 2015-11-30 14:57 - 01599336 _____ (Malwarebytes) C:\Users\Matthew\Downloads\JRT (3).exe
2015-11-30 14:49 - 2015-11-30 14:49 - 01736704 _____ C:\Users\Matthew\Downloads\AdwCleaner (3).exe
2015-11-30 14:48 - 2015-11-30 14:48 - 00891392 _____ (Farbar) C:\Users\Matthew\Downloads\MiniToolBox (3).exe
2015-11-28 19:48 - 2015-11-28 20:08 - 141768818 _____ C:\Users\Matthew\Desktop\4.3 jungle level.mp4
2015-11-28 16:11 - 2015-11-28 16:11 - 00003224 _____ C:\Users\Matthew\Downloads\spelunky_save (2).sav
2015-11-27 20:15 - 2015-11-27 20:15 - 00000222 _____ C:\Users\Matthew\Desktop\Spelunky.url
2015-11-26 18:14 - 2015-11-26 18:15 - 01733632 _____ C:\Users\Matthew\Downloads\AdwCleaner (2).exe
2015-11-26 18:12 - 2015-11-26 18:12 - 00891392 _____ (Farbar) C:\Users\Matthew\Downloads\MiniToolBox (2).exe
2015-11-26 18:08 - 2015-11-26 18:09 - 01599336 _____ (Malwarebytes) C:\Users\Matthew\Downloads\JRT (2).exe
2015-11-26 18:04 - 2015-11-26 18:04 - 01733632 _____ C:\Users\Matthew\Downloads\AdwCleaner (1).exe
2015-11-26 18:00 - 2015-11-26 18:00 - 00891392 _____ (Farbar) C:\Users\Matthew\Downloads\MiniToolBox (1).exe
2015-11-25 16:43 - 2015-11-25 16:43 - 10655266 _____ C:\Users\Matthew\Downloads\SUPERSECRETBEEGAME.zip
2015-11-25 16:43 - 2015-11-25 16:43 - 00000000 ____D C:\Users\Matthew\Desktop\SUPERSECRETBEEGAME
2015-11-25 16:37 - 2015-11-25 16:37 - 10554992 _____ C:\Users\Matthew\Downloads\Bridgebuilder.zip
2015-11-25 16:37 - 2015-11-25 16:37 - 00000000 ____D C:\Users\Matthew\Desktop\Bridgebuilder
2015-11-25 10:23 - 2015-11-25 10:23 - 00000221 _____ C:\Users\Matthew\Desktop\Braid.url
2015-11-25 09:54 - 2015-11-25 09:54 - 01733632 _____ C:\Users\Matthew\Downloads\AdwCleaner.exe
2015-11-25 09:51 - 2015-11-30 14:49 - 00054123 _____ C:\Users\Matthew\Downloads\MTB.txt
2015-11-25 09:51 - 2015-11-25 09:51 - 00891392 _____ (Farbar) C:\Users\Matthew\Downloads\MiniToolBox.exe
2015-11-24 16:11 - 2015-11-24 16:11 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\avidemux
2015-11-24 16:10 - 2015-11-24 16:18 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits
2015-11-24 16:10 - 2015-11-24 16:10 - 15773608 _____ C:\Users\Matthew\Downloads\avidemux_2.6.10_win64.exe
2015-11-24 16:09 - 2015-11-24 16:10 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6 - 32 bits
2015-11-24 16:09 - 2015-11-24 16:09 - 15100922 _____ C:\Users\Matthew\Downloads\avidemux_2.6.10_win32.exe
2015-11-24 16:02 - 2015-11-24 16:02 - 01908225 _____ C:\Users\Matthew\Downloads\VirtualDub-1.10.4.zip
2015-11-24 16:00 - 2015-11-24 16:00 - 01239752 _____ (Microsoft Corporation) C:\Users\Matthew\Downloads\wlsetup-web.exe
2015-11-22 18:17 - 2015-11-22 18:17 - 00000221 _____ C:\Users\Matthew\Desktop\Super Meat Boy.url
2015-11-22 15:17 - 2015-11-22 15:17 - 00001166 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frozlunky.lnk
2015-11-21 23:15 - 2015-11-21 23:18 - 18965306 _____ (Macromedia) C:\Users\Matthew\Downloads\5.0_flash5.exe
2015-11-21 23:07 - 2015-11-21 23:13 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Macromedia
2015-11-21 23:07 - 2015-11-21 23:07 - 00000000 ____D C:\Users\Matthew\AppData\Local\Macromedia
2015-11-21 23:06 - 2015-11-21 23:06 - 00001995 _____ C:\Users\Public\Desktop\Macromedia Flash 8.lnk
2015-11-21 23:05 - 2015-11-21 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-11-21 22:36 - 2015-11-21 23:05 - 113060248 _____ (Macromedia ) C:\Users\Matthew\Downloads\Flash8-en (1).exe
2015-11-21 21:43 - 2015-11-21 22:02 - 66401515 _____ (Macromedia ) C:\Users\Matthew\Downloads\flashmx2004.exe
2015-11-21 21:37 - 2015-11-21 21:37 - 19807540 _____ C:\Users\Matthew\Downloads\Windows8.1-KB2867622-x64.msu
2015-11-21 21:27 - 2015-11-21 21:27 - 17154208 _____ C:\Users\Matthew\Downloads\flash_player_update6_flash8_win.zip
2015-11-21 21:27 - 2008-04-09 14:27 - 00000000 ____D C:\Users\Matthew\Downloads\Players
2015-11-21 21:26 - 2015-11-21 21:26 - 00159182 _____ C:\Users\Matthew\Downloads\flvplayback_1_0_1.zip
2015-11-21 21:26 - 2015-11-21 21:26 - 00000000 ____D C:\Users\Matthew\Downloads\flvplayback_1_0_1
2015-11-21 21:25 - 2015-11-21 21:25 - 00000000 ____D C:\Users\Matthew\Downloads\flash8_ac_update_en
2015-11-21 21:24 - 2015-11-21 21:24 - 00015346 _____ C:\Users\Matthew\Downloads\flash8_ac_update_en.zip
2015-11-21 21:22 - 2015-11-21 21:23 - 21921600 _____ (Macromedia ) C:\Users\Matthew\Downloads\fl8_flashlite2_1_update.exe
2015-11-21 21:21 - 2015-11-21 21:21 - 15879944 _____ (Macromedia ) C:\Users\Matthew\Downloads\fl8_flashlite2_update.exe
2015-11-21 20:55 - 2015-11-21 20:55 - 00000000 ____D C:\Users\twigg\AppData\Local\Packages
2015-11-21 20:55 - 2015-11-21 20:55 - 00000000 ____D C:\Users\twigg
2015-11-20 16:01 - 2015-11-20 16:01 - 00002246 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC
2015-11-20 16:01 - 2015-11-20 16:01 - 00002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2015-11-20 16:01 - 2015-11-20 16:01 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2015-11-20 16:01 - 2015-11-20 16:00 - 00029352 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2015-11-20 16:01 - 2015-11-20 16:00 - 00010324 _____ C:\WINDOWS\system32\Drivers\semav6msr64.cat
2015-11-16 13:36 - 2015-11-26 17:59 - 00001875 _____ C:\Users\Matthew\Desktop\chrome.exe - Shortcut.lnk
2015-11-13 13:47 - 2015-11-13 13:47 - 00001993 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-11-13 13:47 - 2015-11-13 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-13 13:46 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-11-13 13:45 - 2015-11-13 13:45 - 00003138 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-11-13 13:45 - 2015-11-13 13:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-11-13 13:45 - 2015-11-13 13:45 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-11-13 13:44 - 2015-11-13 13:47 - 00000000 ____D C:\Program Files\McAfee
2015-11-13 13:44 - 2015-11-13 13:44 - 00000000 ____D C:\Program Files\McAfee.com
2015-11-13 13:44 - 2015-11-13 13:44 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-13 13:39 - 2015-11-13 13:39 - 00000000 ____D C:\Quarantine
2015-11-13 13:38 - 2015-11-13 13:38 - 08112600 _____ (McAfee, Inc.) C:\Users\Matthew\Downloads\Setup_serial_-TCHeul_zEIEOwCtkZOf4A2_key.exe
2015-11-13 13:24 - 2015-11-13 13:24 - 00003380 _____ C:\WINDOWS\System32\Tasks\System Update
2015-11-12 12:27 - 2015-11-12 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-12 12:27 - 2015-11-12 12:27 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-10 13:02 - 2015-11-04 22:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 13:02 - 2015-11-04 22:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 13:02 - 2015-11-04 22:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 13:02 - 2015-11-04 22:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 13:02 - 2015-11-04 22:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 13:02 - 2015-11-04 22:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 13:02 - 2015-11-04 22:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 13:02 - 2015-11-04 22:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 13:02 - 2015-11-04 21:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 13:02 - 2015-11-04 21:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 13:02 - 2015-11-04 21:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 13:02 - 2015-11-04 21:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 13:02 - 2015-11-04 21:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 13:02 - 2015-11-04 21:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 13:02 - 2015-11-04 21:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 13:02 - 2015-11-04 21:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 13:02 - 2015-11-04 21:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 13:02 - 2015-11-04 21:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 13:02 - 2015-11-04 21:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 13:02 - 2015-11-04 21:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 13:02 - 2015-11-04 21:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 13:02 - 2015-11-04 21:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 13:02 - 2015-11-04 21:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 13:02 - 2015-11-04 21:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 13:02 - 2015-11-04 21:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 13:02 - 2015-11-04 21:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 13:02 - 2015-11-04 21:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 13:02 - 2015-11-04 21:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 13:02 - 2015-11-04 21:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 13:02 - 2015-11-04 21:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 13:02 - 2015-11-04 21:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 13:02 - 2015-11-04 21:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 13:02 - 2015-11-04 21:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 13:02 - 2015-11-04 20:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 13:02 - 2015-11-04 20:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 13:02 - 2015-11-04 20:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 13:02 - 2015-11-04 20:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 13:02 - 2015-11-04 20:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 13:02 - 2015-11-04 20:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 13:02 - 2015-11-04 20:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 13:02 - 2015-11-04 20:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 13:02 - 2015-11-04 20:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 13:02 - 2015-11-04 20:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 13:02 - 2015-11-04 20:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 13:02 - 2015-11-04 20:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 13:02 - 2015-11-04 20:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 13:02 - 2015-11-04 20:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 13:02 - 2015-11-04 20:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 13:02 - 2015-11-04 20:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 13:02 - 2015-11-04 20:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 13:02 - 2015-11-04 20:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 13:02 - 2015-11-04 20:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 13:02 - 2015-11-04 20:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-09 19:14 - 2015-11-09 19:14 - 00001329 _____ C:\Users\Matthew\Desktop\OBS.exe - Shortcut.lnk
2015-11-09 19:04 - 2015-11-09 19:06 - 48984233 _____ C:\Users\Matthew\Downloads\CLRBrowserSourcePlugin-20140909x64.zip
2015-11-09 19:04 - 2015-11-09 19:04 - 01118920 _____ (Microsoft Corporation) C:\Users\Matthew\Downloads\NDP452-KB2901954-Web.exe
2015-11-09 19:03 - 2015-11-09 19:03 - 07194312 _____ (Microsoft Corporation) C:\Users\Matthew\Downloads\vcredist_x64.exe
2015-11-09 19:03 - 2015-11-09 19:03 - 01420840 _____ (Microsoft Corporation) C:\Users\Matthew\Downloads\vcredist_arm.exe
2015-11-07 21:58 - 2015-11-07 21:58 - 00000000 ____D C:\Users\Matthew\AppData\Local\gm_ttt_75876
2015-11-07 21:57 - 2015-11-07 21:57 - 00000000 ____D C:\Users\Matthew\AppData\Local\gm_ttt_93174
2015-11-06 23:25 - 2015-11-06 23:35 - 00000000 ____D C:\Users\Matthew\AppData\Local\gm_ttt_17344
2015-11-06 23:08 - 2015-11-06 23:12 - 130933328 _____ C:\Users\Matthew\Downloads\GameMaker Game Programming with GML.zip
2015-11-06 19:55 - 2015-11-06 19:55 - 00000000 ____D C:\Users\Matthew\AppData\Local\gm_ttt_75390
2015-11-06 19:54 - 2015-11-06 19:54 - 00000000 ____D C:\Users\Matthew\AppData\Local\gm_ttt_91614
2015-11-06 19:52 - 2015-11-06 19:52 - 00000000 ____D C:\Users\Matthew\AppData\Local\gm_ttt_74038
2015-11-06 19:50 - 2015-11-06 19:50 - 00000000 ____D C:\Users\Matthew\AppData\Local\gm_ttt_89672
2015-11-05 21:29 - 2015-11-05 21:32 - 387730711 _____ C:\Users\Matthew\Downloads\cocos2d-x-3.8.1.zip
2015-11-05 20:18 - 2015-11-05 20:18 - 08299718 _____ C:\Users\Matthew\Downloads\Discosabers!.rar
2015-11-05 00:29 - 2015-11-05 00:30 - 02953520 _____ (AVAST Software) C:\Users\Matthew\Downloads\avast-browser-cleanup.exe
2015-11-02 03:28 - 2015-11-02 03:28 - 00000383 _____ C:\ftconfig.ini
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-30 21:21 - 2015-07-10 02:05 - 00000000 ____D C:\Windows
2015-11-30 20:56 - 2014-06-19 19:14 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8c2d5325faac.job
2015-11-30 20:03 - 2013-10-24 18:42 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\OBS
2015-11-30 20:03 - 2013-08-20 12:00 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-30 17:17 - 2015-09-18 16:25 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 15:41 - 2015-07-10 04:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-30 15:41 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-30 14:58 - 2015-09-18 14:36 - 01011882 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 14:58 - 2015-07-10 04:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-30 14:56 - 2015-03-01 14:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-30 14:55 - 2014-08-24 10:08 - 00000000 ____D C:\Users\Matthew\AppData\Local\Adobe
2015-11-30 14:52 - 2014-06-15 08:26 - 00000000 __SHD C:\Users\Matthew\IntelGraphicsProfiles
2015-11-30 14:52 - 2014-05-09 08:14 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf6b996a3d815d.job
2015-11-30 14:51 - 2015-10-27 18:40 - 00000000 ____D C:\AdwCleaner
2015-11-30 14:51 - 2015-07-10 05:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 14:51 - 2015-07-10 02:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 14:51 - 2013-08-20 06:54 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-30 14:30 - 2015-10-09 16:09 - 00003412 _____ C:\WINDOWS\System32\Tasks\Jelbruss Secure Web Worker
2015-11-30 14:19 - 2015-07-10 02:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-29 00:11 - 2013-08-20 11:29 - 00000000 ___RD C:\Users\Matthew\Desktop\Important
2015-11-26 20:35 - 2014-09-20 14:03 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Braid
2015-11-26 18:03 - 2014-01-19 10:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-26 09:29 - 2015-09-23 18:20 - 00000000 ____D C:\Users\Matthew\AppData\Local\GameMaker-Studio
2015-11-25 17:55 - 2013-09-07 15:05 - 00003416 _____ C:\Users\Matthew\Desktop\notes.txt
2015-11-25 09:56 - 2015-09-18 14:28 - 00000000 ____D C:\Users\Matthew
2015-11-25 09:09 - 2015-07-10 04:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 09:08 - 2014-11-06 20:42 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-25 09:03 - 2015-09-30 16:26 - 00002271 _____ C:\Users\Matthew\Desktop\LiveSplit.exe - Shortcut.lnk
2015-11-24 14:28 - 2014-07-29 16:09 - 00000000 ____D C:\Program Files\OBS
2015-11-21 23:33 - 2015-05-07 18:12 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\vlc
2015-11-21 23:23 - 2015-10-28 20:10 - 00000000 ____D C:\Program Files (x86)\Macromedia
2015-11-21 23:23 - 2012-11-29 03:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 23:05 - 2014-01-31 18:20 - 00000000 ____D C:\ProgramData\Macromedia
2015-11-21 23:05 - 2013-11-08 21:26 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-11-21 22:18 - 2015-07-20 13:57 - 00000000 ___RD C:\Users\Matthew\Creative Cloud Files
2015-11-21 22:18 - 2013-08-20 06:48 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Adobe
2015-11-21 22:18 - 2012-11-29 04:24 - 00000000 ____D C:\ProgramData\Adobe
2015-11-21 22:18 - 2012-11-29 04:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-21 22:16 - 2014-07-29 17:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-21 22:13 - 2015-09-18 13:26 - 00000000 ____D C:\AdobeTemp
2015-11-21 22:13 - 2015-07-20 14:51 - 00000000 ____D C:\Program Files\Adobe
2015-11-21 22:13 - 2013-10-24 19:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-21 21:35 - 2012-11-29 03:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Sony Corporation
2015-11-21 21:35 - 2012-11-29 03:31 - 00000000 ____D C:\Program Files (x86)\Sony
2015-11-21 21:31 - 2013-08-20 08:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main
2015-11-21 21:31 - 2012-11-29 03:19 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-11-21 21:31 - 2012-11-29 03:17 - 00000000 ____D C:\Program Files\Sony
2015-11-21 20:57 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-20 16:02 - 2013-08-20 07:13 - 00000000 ____D C:\Update
2015-11-14 14:11 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-14 13:46 - 2014-07-29 17:09 - 00000000 ____D C:\ProgramData\McAfee
2015-11-13 15:50 - 2015-07-10 04:06 - 00000000 ____D C:\WINDOWS\Setup
2015-11-13 15:50 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-13 13:46 - 2015-10-08 19:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-11-13 13:45 - 2015-07-10 04:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-13 13:39 - 2015-10-09 16:09 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Network Defrag
2015-11-13 13:14 - 2015-10-10 17:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-12 17:03 - 2015-10-28 19:49 - 00001193 _____ C:\Users\Matthew\Desktop\Pivot Animator.lnk
2015-11-10 19:41 - 2015-07-30 19:34 - 00000000 ____D C:\Users\Matthew\AppData\Local\Eggplants_Need_Water_
2015-11-10 13:11 - 2015-07-10 03:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 13:11 - 2013-08-20 08:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 13:04 - 2013-08-20 08:38 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-09 17:07 - 2015-10-12 15:33 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\GameMaker-Studio
2015-11-09 12:07 - 2013-08-20 07:11 - 00000000 ____D C:\Users\Matthew\AppData\Local\ElevatedDiagnostics
2015-11-07 00:48 - 2015-10-21 10:43 - 00000000 ____D C:\Users\Matthew\Desktop\Game development
2015-11-05 19:09 - 2014-07-29 16:09 - 00000000 ____D C:\Program Files (x86)\OBS
2015-11-05 00:54 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Registration
2015-11-03 11:20 - 2015-07-10 04:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 11:20 - 2015-07-10 04:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-05-14 15:25 - 2013-08-28 17:20 - 0002092 _____ () C:\Program Files (x86)\license.txt
2014-09-04 13:36 - 2015-05-12 17:18 - 0000033 _____ () C:\Users\Matthew\AppData\Roaming\AdobeWLCMCache.dat
2013-12-27 12:29 - 2013-12-27 12:17 - 0012005 _____ () C:\Users\Matthew\AppData\Roaming\alsoft.ini
2014-09-24 21:09 - 2015-06-01 20:15 - 0001456 _____ () C:\Users\Matthew\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-20 20:06 - 2014-06-20 20:58 - 0007607 _____ () C:\Users\Matthew\AppData\Local\resmon.resmoncfg
2014-04-07 11:18 - 2014-04-07 11:18 - 0000057 _____ () C:\Users\Matthew\AppData\Local\springsettings.cfg
2013-12-06 20:47 - 2013-12-06 20:47 - 0000911 _____ () C:\Users\Matthew\AppData\Local\Temppenciltemp.png
2013-08-20 07:26 - 2013-08-20 07:27 - 0027033 _____ () C:\Users\Matthew\AppData\Local\WiDiSetupLog.20130820.072612.txt
2013-09-02 15:21 - 2013-09-02 15:21 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-29 03:20 - 2012-11-29 03:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-09 12:24 - 2013-12-11 12:24 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Matthew\jobq.dat
 
 
Some files in TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\4D8.tmp.exe
C:\Users\Matthew\AppData\Local\Temp\F7F6.tmp.exe
C:\Users\Matthew\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Matthew\AppData\Local\Temp\GPUpd561D8F890.exe
C:\Users\Matthew\AppData\Local\Temp\GPUpd561D8F8F0.exe
C:\Users\Matthew\AppData\Local\Temp\GPUpd562032890.exe
C:\Users\Matthew\AppData\Local\Temp\GPUpd5622D5890.exe
C:\Users\Matthew\AppData\Local\Temp\hp_upd2_1270.exe
C:\Users\Matthew\AppData\Local\Temp\h_u2_32992.exe
C:\Users\Matthew\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Matthew\AppData\Local\Temp\msxml6-KB927977-enu-amd64.exe
C:\Users\Matthew\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe
C:\Users\Matthew\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-27 12:22
 
==================== End of FRST.txt ============================
 
 

 

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

I attached addition.txt to this response.
 
Thanks




#4 olgun52


Posted 01 December 2015 - 01:36 PM

Hi twiggle,

Please uninstall all crack and keygen software if you use any! I checked:

(McAfee, Inc.) C:\Users\Matthew\Downloads\Setup_serial_-TCHeul_zEIEOwCtkZOf4A2_key.exe

Crack and keygen!
This is the main reason your computer is infected. Visiting crack sites/warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, BC does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

 

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
Windows Firewall is enabled.

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two firewall programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.
========================================================================================

Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • Gyazo
  • search.protectedio.com
  • Symantec

And Applications:

  • C:\Program Files (x86)\Symantec
  • C:\Program Files\McAfee Security Scan

 

After completing uninstalls, please manually reboot your machine!

:step1:    If you get the message like: An error occurred while trying to uninstall, just press Yes.
:step2:    If you are unable to uninstall all programs, please inform me, but continue with other steps.

========================================================================

Let me know when you get that done.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52


Posted 12 December 2015 - 01:33 PM

Are you still with me?


Best regards
 

 


 


#6 olgun52


Posted 18 December 2015 - 04:21 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




