
Unable to run anti-malware, even root-kits


  • This topic is locked
55 replies to this topic

#1 sbdiveco

sbdiveco

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 11 December 2015 - 09:00 PM

Windows 10 64bit, updated from Windows 7 64bit

 

Since shortly after the update, I have been unable to run almost any security software to completion...most either terminate due to an error, kick me out to BSD, freeze the OS ("Not Responding") or run endlessly.

 

I have been able to run:

 

  • RKill
  • CCleaner
  • AdwCleaner

but am unable to run to completion:

  • Security Check
  • GMER
  • MBAM
  • MBAR
  • Windows Defender
  • aswMBR
  • TDSSKiller
  • DDS
  • ASC
  • VipreRescue
  • FRST

I am also having problems with peripherals, specifically:

  • the onboard WiFi adapter fails to turn on, even with most recent driver downloaded, and
  • USB WiFi adapter I purchased to replace shuts itself off intermittently and with no seeming cause or pattern
  • old printer stopped working, computer could not locate printer.  At the time I assumed due to age and driver issues with Win 10, but
  • brand new printer purchased to replace has many of the same communication issues

At this point, following the directions in the Preparation Guide, I should post the results of FRST, however, when I attempted to run it, it ran for about 5 minutes (green bar about 20% complete) and then stopped, with a message of "Not Responding".

If it helps at all, the software it was scanning at the time was C:\Windows\System32\WINSTA.dll

 

I had an issue with Cassiopessa some time ago, but thought that I had successfully removed it.  That was prior to Windows 10 update

 

Any help you can give is most appreciated.

 

Sbdiveco





#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:07:49 PM

Posted 12 December 2015 - 01:26 AM

Hello again,

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

==========

Okay, before we begin, you mention:
 

I have been able to run:

 

  • RKill
  • CCleaner
  • AdwCleaner

Could you please attach the logs from RKill and AdwCleaner in your next reply? They could be most helpful in this case. :)

 

If you need help locating them, please post back and let me know...If you need, I will give you specific instructions on how to find them! :wink:

 

You may attach both logs if you'd like to avoid topic clutter (again, if you need assistance on how to do that, don't hesitate to ask). :thumbup2:

 

Also, please let me know if you have any trouble with the above!

 

bloopie



#3 sbdiveco


Posted 12 December 2015 - 10:02 AM

I have attached the RKill log from 08 Dec 2015, but am unable to find the adwCleaner log file (same date, I believe).  I may have deleted it.

 

This morning, despite the FRST never finishing, I found both FRST.txt and Addition.txt on my desktop, and have attached them.

 

 

Attached Files



#4 sbdiveco


Posted 12 December 2015 - 10:05 AM

I do not think I have a Windows CD/DVD.  If I recall correctly, this computer did not come with one, though purchased from TigerDirect.  Computer might be a refurb, I cannot recall.

 

sbdiveco



#5 bloopie


Posted 12 December 2015 - 02:25 PM

Hello again sbdiveco,

 

Thanks for the logs and information!

 

First of all, if you have any questions along the way, please don't hesitate to ask! :thumbup2:

 

 

 

Could you please attach this one file for me to have a look at?:

C:\TDSSKiller.3.1.0.7_04.12.2015_15.43.59_log.txt

Attach only that one file above...All the other logs I request in this post below, please copy/paste the contents. Thanks! :)

 

==========

 

Just a Quick Note:

 

I would recommend uninstalling all of your IObit software that you have running...technically it's not malicious, but IObit is really just a big system resource hog. It's not at all necessary to have all of those pieces of IObit running and/or installed. ...Not only that, but IObit stole the definition library from Malwarebytes Antimalware a few years back and I (and many others) have never trusted them again.

 

But it's still a choice I leave up to you. If you'd wish to remove it, then I will give you instructions on how we can do that later on. Right now, you need only let me know. :wink:

====================

Okay, let's run this FRST script and then we'll see how things are going afterwards:

Step 1

  • Please download the attached fixlist.txt and save it to the same location as FRST (on your desktop).
    Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST64.exe and press the Fix button just once and wait
  • I have included a directive that will cause FRST to reboot the computer, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

Step 2

Once you've run the above fix and posted the log with FRST, I'd like you to try again to run aswMBR and post that log if it completes. Please be patient though...some scans may appear to have stalled and even displayed "(Not Responding)", but will still finish after it responds again. FRST is one of those programs. :wink:
 
==========
 
Step 3
 
Now run AdwCleaner again, but only get the logfile (do not run "Cleaning" option) and copy and paste that into your next reply.
 
==========
 
Step 4

Then please run a fresh FRST scan and post the resultant log (hopefully a full log). :)
 
====================
 
And finally, please let me know how the machine is running now...any improvement?

If you have any trouble running any of the above, you may skip that step and continue with the next step...please let me know how it goes in any case (good or not-so-good)! :thumbup2:
 
bloopie
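
The Fixlog.txt requested in step 1 echoes the fixlist between two rows of asterisks and then reports one `target => outcome` line per entry. As an added example (not part of the original post and not FRST's own code), the Python below tallies those outcomes and lists the entries that were not fixed automatically; the sample lines are selected from the Fixlog posted in this thread, the outcome wording is assumed from that log, and all function names are hypothetical.

```python
"""Added example: triage the result section of an FRST Fixlog.txt."""
from collections import Counter

# Selected lines from the Fixlog posted in this thread (fixlist echo
# abbreviated, entries containing the user name left out).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
S2 avgwd; no ImagePath
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
DCLoader; C:\Program Files (x86)\DCLoader\DCLoader.exe [168448 2015-05-18] () [File not signed] <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Program Files (x86)\DCLoader\DCLoader.exe => moved successfully
avgwd => service removed successfully
C:\ProgramData\FastPics.log => moved successfully
"""


def result_section(text):
    """Return the lines after the echoed fixlist.

    The echoed script also contains ' => ' (e.g. 'Run: [] => [X]'), so it
    must be skipped or its lines would be mistaken for results.
    """
    lines = text.splitlines()
    marks = [i for i, ln in enumerate(lines)
             if ln.strip() and set(ln.strip()) == {"*"}]
    start = marks[1] + 1 if len(marks) >= 2 else 0
    return lines[start:]


def classify(outcome):
    """Map an outcome phrase to ok / absent / failed / unknown."""
    o = outcome.strip().lower()
    if o.startswith("error"):
        return "failed"      # e.g. 'Error: No automatic fix found ...'
    if "not found" in o:
        return "absent"      # target was already gone
    if o.endswith("successfully"):
        return "ok"          # removed / restored / moved
    return "unknown"         # wording this example does not recognise


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line."""
    entries = []
    for ln in result_section(text):
        # Split on the LAST ' => ': a target may itself carry FRST's
        # '<==== ATTENTION' marker before the outcome.
        target, arrow, outcome = ln.rpartition(" => ")
        if not arrow:
            continue         # status lines such as 'Processes closed ...'
        entries.append((target.strip().strip('"'),
                        outcome.strip(),
                        classify(outcome)))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, _, status in entries)


def needs_followup(entries):
    """Entries a helper should look at by hand before calling the fix done."""
    return [(t, o) for t, o, s in entries if s in ("failed", "unknown")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, outcome in needs_followup(parsed):
        print("FOLLOW UP:", target, "->", outcome)
```

On the sample, the only entry flagged is the DCLoader line, which reported an error even though the DCLoader.exe file on the next line was moved.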



#6 sbdiveco


Posted 12 December 2015 - 04:09 PM

So far, so good.  Sorry to hear about IOBit, I am happy to get rid of it and appreciate any recommendations for replacements.

 

Below are the fixlog results, attached is the TDSSKiller log, and I am moving on to running aswMBR again.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by Joseph Buckley (2015-12-12 14:40:05) Run:1
Running from C:\Users\Joseph Buckley\Desktop\Utilities
Loaded Profiles: Joseph Buckley (Available Profiles: Joseph Buckley & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\RunOnce: [Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\RunOnce: [Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1"
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\RunOnce: [Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\RunOnce: [Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\RunOnce: [Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\RunOnce: [Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\RunOnce: [Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\RunOnce: [Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-144196732-75696582-2673781294-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-144196732-75696582-2673781294-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> No File
Toolbar: HKU\S-1-5-21-144196732-75696582-2673781294-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Joseph Buckley\AppData\Roaming\Mozilla\Firefox\Profiles\sqontvmp.default-1435905646535\extensions\iobitascsurfingprotection@iobit.com [2015-11-18] [not signed]
DCLoader; C:\Program Files (x86)\DCLoader\DCLoader.exe [168448 2015-05-18] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\DCLoader\DCLoader.exe
S2 avgwd; no ImagePath
2012-11-20 00:46 - 2012-11-20 00:46 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-08-07 04:43 - 2015-08-17 11:26 - 0027012 _____ () C:\ProgramData\lxdu.log
2013-04-07 16:38 - 2014-06-04 17:13 - 0000431 _____ () C:\ProgramData\lxduDiagnostics.log
2013-09-12 11:37 - 2013-09-12 11:37 - 0006436 _____ () C:\ProgramData\lxduJSW.log
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64 => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1 => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5930.0814 => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.5951.0827 => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 => value removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joseph Buckley\AppData\Local\Microsoft\OneDrive\17.3.6201.1019 => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}" => key removed successfully
HKCR\CLSID\{9143e921-7c9a-4d27-ac43-eaccc78cc55a} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-144196732-75696582-2673781294-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-144196732-75696582-2673781294-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} => key not found.
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
C:\Users\Joseph Buckley\AppData\Roaming\Mozilla\Firefox\Profiles\sqontvmp.default-1435905646535\extensions\iobitascsurfingprotection@iobit.com => moved successfully
C:\Users\Joseph Buckley\AppData\Roaming\Mozilla\Firefox\Profiles\sqontvmp.default-1435905646535\extensions\iobitascsurfingprotection@iobit.com => path removed successfully
DCLoader; C:\Program Files (x86)\DCLoader\DCLoader.exe [168448 2015-05-18] () [File not signed] <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Program Files (x86)\DCLoader\DCLoader.exe => moved successfully
avgwd => service removed successfully
C:\ProgramData\FastPics.log => moved successfully
C:\ProgramData\lxdu.log => moved successfully
C:\ProgramData\lxduDiagnostics.log => moved successfully
C:\ProgramData\lxduJSW.log => moved successfully
EmptyTemp: => 501.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:42:41 ====

#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:07:49 PM

Posted 12 December 2015 - 05:35 PM

Okay good, awaiting your aswMBR log.

Running out for a short while, but I'll be back within an hour. :)

bloopie

#8 sbdiveco

sbdiveco
  • Topic Starter

  • Members
  • 42 posts
  • Local time:05:49 PM

Posted 12 December 2015 - 06:37 PM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-12-12 15:10:19
-----------------------------
15:10:19.418    OS Version: Windows x64 6.2.9200
15:10:19.418    Number of processors: 2 586 0x100
15:10:19.418    ComputerName: JPBLAPTOP  UserName:
15:10:21.655    Initialize success
15:10:23.000    VM: initialized successfully
15:10:23.000    VM: Amd CPU supported
15:22:46.381    AVAST engine defs: 15121202
15:22:57.977    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
15:22:57.977    Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 11
15:22:58.291    Disk 0 MBR read successfully
15:22:58.291    Disk 0 MBR scan
15:22:58.384    Disk 0 Windows 7 default MBR code
15:22:58.400    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
15:22:58.431    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       128028 MB offset 52430848
15:22:58.478    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       151615 MB offset 314632192
15:22:58.744    Disk 0 scanning C:\WINDOWS\system32\drivers
15:23:26.336    Service scanning
15:24:29.121    Modules scanning
15:24:29.152    Disk 0 trace - called modules:
15:24:29.230    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
15:24:29.261    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00023c8b060]
15:24:29.277    3 CLASSPNP.SYS[fffff8018ef746c5] -> nt!IofCallDriver -> [0xffffe00023af58d0]
15:24:29.277    5 amd_xata.sys[fffff8018e661d00] -> nt!IofCallDriver -> \Device\0000002c[0xffffe00023afc060]
15:24:30.730    AVAST engine scan C:\WINDOWS
15:24:35.731    AVAST engine scan C:\WINDOWS\system32
15:32:48.354    AVAST engine scan C:\WINDOWS\system32\drivers
15:33:29.161    AVAST engine scan C:\Users\Joseph Buckley
16:06:46.063    AVAST engine scan C:\ProgramData
16:10:17.279    Disk 0 statistics 4852299/0/0 @ 1.73 MB/s
16:10:17.310    Scan finished successfully
17:27:10.789    Disk 0 MBR has been saved successfully to "C:\Users\Joseph Buckley\Desktop\Utilities\MBR.dat"
17:27:10.898    The log file has been saved successfully to "C:\Users\Joseph Buckley\Desktop\Utilities\aswMBR.txt"

 



#9 sbdiveco

sbdiveco
  • Topic Starter

  • Members
  • 42 posts
  • Local time:05:49 PM

Posted 12 December 2015 - 06:39 PM

# AdwCleaner v5.024 - Logfile created 12/12/2015 at 17:30:27
# Updated 07/12/2015 by Xplode
# Database : 2015-12-12.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Joseph Buckley - JPBLAPTOP
# Running from : C:\Users\Joseph Buckley\Desktop\Utilities\adwcleaner_5.024.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [596 bytes] ##########
 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by Joseph Buckley (administrator) on JPBLAPTOP (12-12-2015 17:32:48)
Running from C:\Users\Joseph Buckley\Desktop\Utilities
Loaded Profiles: Joseph Buckley (Available Profiles: Joseph Buckley & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
( ) C:\Windows\System32\lxducoms.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Dropbox, Inc.) C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [168152 2015-05-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-12-05] (Realtek Semiconductor)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Users\Joseph Buckley\AppData\Local\VIPRE\Setup\CartSdk\sbrc.exe [200560 2012-05-23] (GFI Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-11-03] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3013200 2015-12-10] (Valve Corporation)
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\Run: [Dropbox Update] => C:\Users\Joseph Buckley\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.)
HKU\S-1-5-21-144196732-75696582-2673781294-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-144196732-75696582-2673781294-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2012-07-11]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\Users\Joseph Buckley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Joseph Buckley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{98724c10-3992-4714-87ae-c36f631de55b}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a7e1e0f6-8b20-4f4c-8cb4-8c040cb36524}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e0ed2df8-5216-40d2-9699-0eef415bfc83}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{eedb4287-bb39-4498-a37c-e359320cedf2}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{f41bb0e5-5d1a-40bb-914f-91ad7f937b7a}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-30] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-18] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Joseph Buckley\AppData\Roaming\Mozilla\Firefox\Profiles\sqontvmp.default-1435905646535
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @consona.com/ScriptRunner -> C:\Program Files (x86)\Common Files\supportsoft\bin\nptgctlsr.dll [2010-12-09] (SupportSoft, Inc.)
FF Plugin-x32: @consona.com/SmartIssue -> C:\Program Files (x86)\Common Files\supportsoft\bin\nptgctlsi.dll [2010-12-09] (SupportSoft, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll [2013-07-03] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF)
FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Extension: Adblock Plus - C:\Users\Joseph Buckley\AppData\Roaming\Mozilla\Firefox\Profiles\sqontvmp.default-1435905646535\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2013-08-03] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Joseph Buckley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Joseph Buckley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-21]
CHR Extension: (Google Search) - C:\Users\Joseph Buckley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-21]
CHR Extension: (AD Block) - C:\Users\Joseph Buckley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb [2014-01-16]
CHR Extension: (AD Block) - C:\Users\Joseph Buckley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic [2013-11-06]
CHR Extension: (Gmail) - C:\Users\Joseph Buckley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-07-03] (Alcatel-Lucent) [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit)
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [1039360 2009-10-16] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 DCLoader; C:\Program Files (x86)\DCLoader\DCLoader.exe -service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2011-10-14] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-02-13] (GFI Software)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-11] (REALiX™)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-12-04] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-09-29] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation                           )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [407768 2015-12-05] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [2599128 2015-05-05] (Realtek Semiconductor Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 aswMBR; C:\Users\Joseph Buckley\AppData\Local\Temp\aswMBR.sys [62728 2015-12-12] () [File not signed]
U3 aswVmm; C:\Users\Joseph Buckley\AppData\Local\Temp\aswVmm.sys [224896 2015-12-12] ()
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 17:26 - 2015-12-12 17:26 - 00016148 _____ C:\WINDOWS\system32\JPBLAPTOP_Joseph Buckley_HistoryPrediction.bin
2015-12-12 08:46 - 2015-12-12 17:29 - 00000000 ____D C:\Users\Joseph Buckley\Desktop\Utilities
2015-12-12 08:32 - 2015-12-12 08:32 - 00000000 ___HD C:\OneDriveTemp
2015-12-11 19:20 - 2015-12-12 17:32 - 00000000 ____D C:\FRST
2015-12-08 20:09 - 2015-12-08 20:09 - 00002429 _____ C:\Users\Joseph Buckley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-08 17:36 - 2015-11-30 18:32 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-08 17:36 - 2015-11-30 18:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 12:51 - 2015-12-01 01:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 12:51 - 2015-12-01 00:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-08 12:51 - 2015-11-30 23:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-08 12:51 - 2015-11-30 23:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-08 12:51 - 2015-11-30 22:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-08 12:51 - 2015-11-24 23:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-08 12:51 - 2015-11-24 23:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-08 12:51 - 2015-11-24 23:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 12:51 - 2015-11-24 23:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 12:51 - 2015-11-24 23:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 12:51 - 2015-11-24 23:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-08 12:51 - 2015-11-24 23:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 12:51 - 2015-11-24 23:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-08 12:51 - 2015-11-24 23:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 12:51 - 2015-11-24 23:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 12:51 - 2015-11-24 23:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 12:51 - 2015-11-24 22:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-08 12:51 - 2015-11-24 22:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 12:51 - 2015-11-24 22:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-08 12:51 - 2015-11-24 22:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-08 12:51 - 2015-11-24 22:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-08 12:51 - 2015-11-24 22:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-08 12:51 - 2015-11-24 22:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-08 12:51 - 2015-11-24 22:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 12:51 - 2015-11-24 22:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 12:51 - 2015-11-24 22:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 12:51 - 2015-11-24 22:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-08 12:51 - 2015-11-24 22:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-08 12:51 - 2015-11-24 22:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-08 12:51 - 2015-11-24 22:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-08 12:51 - 2015-11-24 22:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 12:51 - 2015-11-24 22:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-08 12:51 - 2015-11-24 22:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-08 12:51 - 2015-11-24 22:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 12:51 - 2015-11-24 22:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-08 12:51 - 2015-11-24 22:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 12:51 - 2015-11-24 22:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-08 12:51 - 2015-11-24 22:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 12:51 - 2015-11-24 22:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 12:51 - 2015-11-24 22:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-08 12:51 - 2015-11-24 22:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-08 12:51 - 2015-11-24 22:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 12:51 - 2015-11-24 22:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-08 12:51 - 2015-11-24 22:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-08 12:51 - 2015-11-24 22:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 12:51 - 2015-11-24 22:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 12:51 - 2015-11-24 22:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 12:51 - 2015-11-24 22:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 12:51 - 2015-11-24 22:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 12:51 - 2015-11-24 22:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-08 12:51 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 12:51 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 12:51 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 12:51 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 12:51 - 2015-11-24 22:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-08 12:51 - 2015-11-24 22:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-08 12:51 - 2015-11-24 22:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 12:51 - 2015-11-24 22:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-08 12:51 - 2015-11-24 22:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-08 12:51 - 2015-11-24 22:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-08 12:51 - 2015-11-24 22:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 12:51 - 2015-11-24 22:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-08 12:51 - 2015-11-24 22:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 12:51 - 2015-11-24 22:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 12:51 - 2015-11-24 22:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 12:51 - 2015-11-24 22:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 12:51 - 2015-11-24 22:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-08 12:51 - 2015-11-24 22:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-08 12:51 - 2015-11-24 22:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 12:51 - 2015-11-24 22:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 12:51 - 2015-11-24 22:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-08 12:51 - 2015-11-24 22:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 12:51 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 12:51 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 12:51 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 12:51 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 12:51 - 2015-11-24 20:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 12:51 - 2015-11-24 20:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 12:50 - 2015-11-30 23:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 12:50 - 2015-11-30 23:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 12:06 - 2015-12-08 12:06 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-08 11:48 - 2015-12-08 12:16 - 00363542 _____ C:\WINDOWS\ntbtlog.txt
2015-12-07 12:41 - 2015-12-07 16:28 - 00046592 _____ C:\Users\Joseph Buckley\Desktop\Buckley Builds Customer DataBase.xls
2015-12-07 12:01 - 2015-12-07 12:01 - 00693794 _____ C:\Users\Joseph Buckley\Downloads\Statements_06_30_2015.pdf
2015-12-07 12:01 - 2015-12-07 12:01 - 00431786 _____ C:\Users\Joseph Buckley\Downloads\Statements_08_02_2015.pdf
2015-12-07 12:01 - 2015-12-07 12:01 - 00386577 _____ C:\Users\Joseph Buckley\Downloads\Statements_08_31_2015.pdf
2015-12-07 11:58 - 2015-12-07 11:58 - 00940668 _____ C:\Users\Joseph Buckley\Downloads\Statements_05_31_2015.pdf
2015-12-07 11:58 - 2015-12-07 11:58 - 00488897 _____ C:\Users\Joseph Buckley\Downloads\Statements_04_30_2015.pdf
2015-12-07 11:57 - 2015-12-07 11:57 - 00982238 _____ C:\Users\Joseph Buckley\Downloads\Statements_12_31_2014.pdf
2015-12-07 11:57 - 2015-12-07 11:57 - 00671208 _____ C:\Users\Joseph Buckley\Downloads\Statements_02_01_2015.pdf
2015-12-07 11:57 - 2015-12-07 11:57 - 00511033 _____ C:\Users\Joseph Buckley\Downloads\Statements_11_02_2014.pdf
2015-12-07 11:57 - 2015-12-07 11:57 - 00485187 _____ C:\Users\Joseph Buckley\Downloads\Statements_03_31_2015.pdf
2015-12-07 11:57 - 2015-12-07 11:57 - 00462709 _____ C:\Users\Joseph Buckley\Downloads\Statements_11_30_2014.pdf
2015-12-07 11:57 - 2015-12-07 11:57 - 00416695 _____ C:\Users\Joseph Buckley\Downloads\Statements_03_01_2015.pdf
2015-12-05 07:32 - 2015-12-05 07:32 - 72203792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2015-12-05 07:32 - 2015-12-05 07:32 - 04628736 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-12-05 07:32 - 2015-12-05 07:32 - 04005405 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-12-05 07:32 - 2015-12-05 07:32 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 02997504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 02965120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 02893568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-12-05 07:32 - 2015-12-05 07:32 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 02028664 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 01351992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00678184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00677672 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00195192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00190552 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00096064 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00093504 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00092480 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00092480 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2015-12-05 07:32 - 2015-12-05 07:32 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 03278408 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00407768 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2015-12-05 07:31 - 2015-12-05 07:31 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-12-05 07:31 - 2015-12-05 07:31 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2015-12-04 18:45 - 2015-12-04 18:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 18:45 - 2015-12-04 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-04 18:44 - 2015-12-04 19:45 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-04 18:44 - 2015-12-04 18:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-04 18:44 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-04 18:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-04 18:37 - 2015-12-04 18:39 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Joseph Buckley\Desktop\iExplore.exe
2015-12-04 18:33 - 2015-12-04 18:33 - 00002538 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Joseph_Buckley
2015-12-04 18:33 - 2015-12-04 18:33 - 00000316 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Joseph_Buckley.job
2015-12-04 16:29 - 2015-12-12 17:30 - 00000000 ____D C:\AdwCleaner
2015-12-04 15:53 - 2015-12-04 15:53 - 00002876 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-04 15:52 - 2015-12-04 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-04 15:52 - 2015-12-04 15:52 - 00000000 ____D C:\Program Files\CCleaner
2015-12-04 15:43 - 2015-12-04 15:46 - 00274102 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_15.43.59_log.txt
2015-12-04 14:41 - 2015-12-04 14:41 - 00380416 _____ C:\Users\Joseph Buckley\Downloads\owosxx8z.exe
2015-12-01 18:58 - 2015-12-01 18:58 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-01 18:58 - 2015-12-01 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-01 18:57 - 2015-12-01 18:58 - 00000000 ____D C:\Program Files\iTunes
2015-12-01 18:57 - 2015-12-01 18:57 - 00000000 ____D C:\Program Files\iPod
2015-11-28 18:04 - 2015-11-28 18:05 - 00003422 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2015-11-28 18:04 - 2015-11-28 18:05 - 00003088 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Joseph Buckley)
2015-11-28 18:03 - 2015-11-28 18:03 - 13788160 _____ (IObit ) C:\Users\Joseph Buckley\Downloads\driver_booster_setup(7).exe
2015-11-20 21:45 - 2015-11-20 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-11-20 21:42 - 2015-11-20 21:44 - 30003568 _____ (IObit ) C:\Users\Joseph Buckley\Downloads\IObit-Malware-Fighter-Setup(5).exe
2015-11-18 09:32 - 2015-11-18 09:32 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-18 09:32 - 2015-10-30 05:50 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2015-11-18 09:28 - 2015-11-18 09:29 - 00584288 _____ (Oracle Corporation) C:\Users\Joseph Buckley\Downloads\jre-8u66-windows-i586-iftw.exe
2015-11-18 08:51 - 2015-11-18 08:51 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2015-11-18 08:45 - 2015-11-18 08:49 - 39603488 _____ (IObit ) C:\Users\Joseph Buckley\Downloads\advanced-systemcare-setup-v9.exe
2015-11-18 08:45 - 2015-11-18 08:45 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2015-11-18 08:45 - 2015-11-18 08:45 - 00000000 ____D C:\Users\Joseph Buckley\AppData\IObit
2015-11-18 08:45 - 2015-11-18 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2015-11-18 08:42 - 2015-11-18 08:44 - 11147552 _____ (IObit) C:\Users\Joseph Buckley\Downloads\iobituninstaller.exe
2015-11-16 20:12 - 2015-11-16 20:17 - 00000000 ____D C:\Users\Joseph Buckley\AppData\Local\ECSD
2015-11-12 17:24 - 2015-11-12 17:24 - 00000000 ____D C:\Users\Joseph Buckley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 17:19 - 2015-07-02 22:15 - 00000954 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-144196732-75696582-2673781294-1002UA.job
2015-12-12 16:53 - 2014-08-28 07:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-12 14:49 - 2013-07-06 05:13 - 00000000 ___RD C:\Users\Joseph Buckley\SkyDrive
2015-12-12 14:48 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-12 14:47 - 2015-01-15 16:19 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-12 14:43 - 2015-07-10 06:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-12 14:43 - 2015-07-10 03:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-12 14:40 - 2015-06-09 22:49 - 00000000 ____D C:\Program Files (x86)\DCLoader
2015-12-12 14:19 - 2015-07-02 22:15 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-144196732-75696582-2673781294-1002Core.job
2015-12-12 09:34 - 2015-07-10 05:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-11 19:23 - 2015-07-10 03:05 - 00000000 ____D C:\Windows
2015-12-11 17:54 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-11 17:34 - 2015-07-31 21:09 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-11 06:55 - 2013-07-04 13:13 - 00000000 ___RD C:\Users\Joseph Buckley\Dropbox
2015-12-11 06:55 - 2013-07-04 13:09 - 00000000 ____D C:\Users\Joseph Buckley\AppData\Roaming\Dropbox
2015-12-11 06:42 - 2015-07-31 19:18 - 00000000 ____D C:\Users\Joseph Buckley\AppData\Local\Packages
2015-12-11 03:17 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-10 23:03 - 2012-11-19 20:46 - 00045056 _____ C:\WINDOWS\SysWOW64\acovcnt.exe
2015-12-10 22:43 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Joseph Buckley
2015-12-10 05:19 - 2013-01-12 15:38 - 00000000 ____D C:\ProgramData\IObit
2015-12-09 17:16 - 2015-07-10 06:20 - 00262000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-09 08:45 - 2015-09-14 20:00 - 00000000 ____D C:\Users\Joseph Buckley\Desktop\Buckley Builds checks 29 Aug 14 to 29 Aug 15
2015-12-09 06:48 - 2015-07-10 05:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-09 06:48 - 2013-01-12 14:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 06:48 - 2013-01-12 14:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 04:16 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-08 21:39 - 2012-11-19 21:15 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 17:59 - 2012-11-19 23:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 17:58 - 2013-01-12 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 17:55 - 2015-07-10 04:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-08 17:54 - 2013-08-15 02:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 17:36 - 2012-11-19 21:52 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 11:59 - 2015-11-02 13:06 - 00001243 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-12-06 23:45 - 2015-08-17 04:07 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-06 23:44 - 2015-02-19 08:28 - 00000000 ____D C:\Users\Joseph Buckley\AppData\Local\Steam
2015-12-06 22:34 - 2012-11-20 00:17 - 00000000 ___RD C:\Users\Joseph Buckley\Documents\Scanned Documents
2015-12-06 20:40 - 2013-11-23 17:22 - 00000000 ____D C:\ProgramData\ProductData
2015-12-05 07:34 - 2015-07-31 18:25 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-05 07:31 - 2012-07-11 23:55 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-12-05 07:29 - 2012-11-19 20:52 - 00060840 _____ C:\Users\Joseph Buckley\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-05 07:10 - 2013-01-12 15:38 - 00000000 ____D C:\Program Files (x86)\IObit
2015-12-04 19:46 - 2015-11-08 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-04 18:26 - 2013-01-08 08:31 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-04 16:12 - 2012-07-11 23:58 - 00002804 _____ C:\WINDOWS\system32\AutoRunFilter.ini
2015-12-04 13:26 - 2015-11-08 18:18 - 00000000 ____D C:\VIPRERESCUE
2015-12-04 12:20 - 2012-11-20 00:08 - 00000000 ____D C:\Users\Joseph Buckley\AppData\Local\ElevatedDiagnostics
2015-12-04 11:08 - 2013-02-28 13:05 - 00000000 ____D C:\Users\Joseph Buckley\AppData\Roaming\Nitro PDF
2015-12-04 11:04 - 2015-08-11 21:43 - 00002081 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-12-04 09:23 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-03 14:13 - 2015-08-24 07:35 - 00000000 ____D C:\Users\Joseph Buckley\Desktop\1314 Napoleon, #3
2015-12-01 18:57 - 2015-04-13 21:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-01 18:57 - 2014-01-04 13:29 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-28 18:04 - 2015-10-30 05:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2015-11-18 12:24 - 2012-07-11 23:58 - 00001774 _____ C:\WINDOWS\system32\ServiceFilter.ini
2015-11-18 09:33 - 2014-12-21 09:33 - 00000000 ____D C:\ProgramData\Oracle
2015-11-18 09:32 - 2015-09-15 06:09 - 00000000 ____D C:\Users\Joseph Buckley\.oracle_jre_usage
2015-11-18 09:32 - 2014-12-21 10:31 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-18 09:32 - 2014-12-21 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-18 09:32 - 2014-12-21 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-11-18 08:52 - 2013-01-12 15:39 - 00000000 ____D C:\Users\Joseph Buckley\AppData\LocalLow\IObit
2015-11-18 08:52 - 2013-01-12 15:38 - 00000000 ____D C:\Users\Joseph Buckley\AppData\Roaming\IObit

==================== Files in the root of some directories =======

2014-03-14 05:26 - 2014-03-14 05:26 - 0003584 _____ () C:\Users\Joseph Buckley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-15 11:53 - 2015-01-15 11:53 - 0007605 _____ () C:\Users\Joseph Buckley\AppData\Local\Resmon.ResmonCfg
2012-11-20 00:44 - 2012-11-20 00:44 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2012-07-12 00:04 - 2012-07-12 00:04 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-07-12 00:03 - 2012-07-12 00:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-07-12 00:02 - 2012-07-12 00:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Joseph Buckley\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9wpsdc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-03 07:09

==================== End of FRST.txt ============================



#10 bloopie

  • Malware Response Team

Posted 12 December 2015 - 07:38 PM

Hello again, and sorry for the delay!!

 

I was online, but my four year-old had other plans!
 
Okay, well done!  That's looking better! :)
 
Before we remove the IObit products, we still have a couple of things to do... There were a couple of entries that showed up in your RKill log that we'll need to take care of as well, but I'll need another log or two to confirm, before we go ahead with the rest. :)
 
Step 1
 
Now please try and run another scan with MBAM (removing anything it finds), and post the resultant log in your next reply.
Note: You will not have the "Hyper Scan" option available unless you're using the pro version, so if not, then please use the "Threat Scan" option for this run.
 
==========

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

==========

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure all checkboxes are checked!
  • Press the "Scan" button.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.

==========

 

After running the above steps, please let me know if everything is still running just as well! If anything changes for the good or worse, please let me know immediately!

 

Also, please let me know if any of the original problems still exist on the machine as of now!

 

--(Originally, you mentioned there were WiFi adapter issues, and Printer Communication issues...most likely those issues are linked.)--

 

We'll attend to those issues as soon as the machine is squeaky clean. ...Sound good? :)

 

You are doing very well, so keep doing what you're doing and let me know if you have any problems!

 

bloopie



#11 sbdiveco


Posted 12 December 2015 - 08:05 PM

MBAM refuses to run.  Cursor flashes the blue rotating circle as if it is going to run for a fraction of a second, then disappears with no further visible activity.



#12 sbdiveco


Posted 12 December 2015 - 08:11 PM

Uninstalled, reinstalled MBAM, got it to launch.  Now it is "Not Responding" while the dashboard was attempting "Checking for updates"



#13 bloopie


Posted 12 December 2015 - 08:11 PM

Please try to run RKill first...then once RKill completes and produces its log, immediately run MBAM. Do not reboot between running RKill and MBAM.

 

==========

 

If MBAM still refuses to run, I'd like you to try and run MBAM when booted into safe mode.

 

Please let me know how that goes!

 

bloopie



#14 bloopie


Posted 12 December 2015 - 10:12 PM

Please don't miss my last post!

 

If you are still unable to run MBAM even after all of the above, then please go ahead with Steps 2 and/or 3 from Post #10 above.

 

bloopie



#15 sbdiveco


Posted 12 December 2015 - 10:15 PM

In normal mode, RKill runs, MBAM does not.  In safe mode, MBAM loads to full screen, no dashboard, just blank white background, then "Not Responding".  If RKill is run first in safe mode, MBAM behaves the same.





