00sweeney

  1. It was always an intermittent problem, not something that happened every day or even every week. But it had happened enough and over a long enough period of time that I thought I should ask. I didn't realize that the restarts were coming from blue screens--to me it just looked like it was restarting when I woke it up. I've gotten the bad_pool_header error several times. I didn't realize they might be the same thing.
  2. Log Name: Application
     Source: Microsoft-Windows-Wininit
     Date: 1/4/2016 3:49:01 AM
     Event ID: 1001
     Task Category: None
     Level: Information
     Keywords: Classic
     User: N/A
     Computer: Sweenman
     Description:
     Checking file system on C:
     The type of the file system is NTFS.
     Volume label is Windows8_OS.
     A disk check has been scheduled.
     Windows will now check the disk.
     Stage 1: Examining basic file system structure ...
     666880 file records processed.
     File verification completed.
     13128 large file records processed.
     0 bad file records processed.
     Stage 2: Examining file name linkage ...
     790404 index entries processed.
     Index verification completed.
     0 unindexed files scanned.
     0 unindexed files recovered to lost and found.
     Stage 3: Examining security descriptors ...
     Cleaning up 18 unused index entries from index $SII of file 0x9.
     Cleaning up 18 unused index entries from index $SDH of file 0x9.
     Cleaning up 18 unused security descriptors.
     Security descriptor verification completed.
     61763 data files processed.
     CHKDSK is verifying Usn Journal...
     37919472 USN bytes processed.
     Usn Journal verification completed.
     Stage 4: Looking for bad clusters in user file data ...
     666864 files processed.
     File data verification completed.
     Stage 5: Looking for bad, free clusters ...
     58281243 free clusters processed.
     Free space verification is complete.
     Windows has scanned the file system and found no problems.
     No further action is required.
     949227519 KB total disk space.
     715108192 KB in 393196 files.
     186600 KB in 61764 indexes.
     0 KB in bad sectors.
     807755 KB in use by the system.
     65536 KB occupied by the log file.
     233124972 KB available on disk.
     4096 bytes in each allocation unit.
     237306879 total allocation units on disk.
     58281243 allocation units available on disk.
     Internal Info:
     00 2d 0a 00 36 f1 06 00 6c b6 09 00 00 00 00 00 .-..6...l.......
     a5 3f 00 00 57 00 00 00 00 00 00 00 00 00 00 00 .?..W...........
     Windows has finished checking your disk.
     Please wait while your computer restarts.
  3. I don't know what happened the first time but it ran the second time, and has been at 13% for two hours. I know that's not uncommon, but unfortunately I have a meeting tomorrow and need access to the computer tonight, so I may have to stop the scan and try re-running it tonight before I go to bed.
  4. I ran the chkdsk command, but when it restarted it didn't go to the black screen that I've always seen with disk check--almost instantly I got a message that the disk check was done and it was fine. In the past, disk check has taken several minutes. Then I ran event viewer and followed your instructions but there were no results. I'm going to try chkdsk again. I'll try and get a screen shot of the message I get.
  5. I ran scannow (which I'd done not that long ago with no bad results) and this time it said it found and fixed corrupt files. But when I rebooted and ran the command you asked me to, it gave me an empty file, which I'm unable to attach--error message "Upload skipped, no file was selected for upload"--even though the file was selected. I don't think it makes a difference, but I got to the command line through win + X, not win + R, since I needed admin privileges and that was the quickest way. I will do the disk scan now.
  6. It probably doesn't matter, but this is the command I used before I had to restore the system: "verifier.exe /standard /all".
  7. Here you go. I'm sorry about what happened. When I saw that the restarts were the result of a bad pool error BSOD which has happened several times before, I wanted to check again and make sure it wasn't a driver issue and that I wasn't wasting everyone's time. I've used the command line a million times and I've never had it turn on me like that. zoek-results.txt WhoCrashed.txt FRST.txt
  8. As I'd said, I'd gotten this bad pool error before, and I'd read it might have something to do with drivers. I thought I'd updated everything, but I came across a command prompt that was supposed to check--I can't find the prompt right now. When I went to reboot, it couldn't start. None of the Windows troubleshooters worked, so I restored. (Wanted to say all this in original reply but had to leave for work.)
  9. Here you go. FYI, I had to restore the machine to a restore point from 12/31. Addition.txt FRST.txt
  10. Here you go. I've gotten bad_pool_header blue screens in the past. WhoCrashed.txt zoek-results.log
  11. Also--and please forgive me if I'm being one of those "a little knowledge is a dangerous thing" kind of guys--but this shows up in the Event Log--is it connected? "The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xffffe00058894d80, 0x0000000000000000, 0xffffe00058894d80). A dump was saved in: C:\WINDOWS\Minidump\010116-31562-01.dmp. Report Id: 010116-31562-01."
  12. Thanks for the swift reply. Here are the logs. I will uninstall the programs you mentioned, but I have a question--the only thing I used Advanced System Care for was the check disk option--which ran a lot faster than Windows chkdsk did, and often seemed to find problems. Is there another 3rd party disk check utility that you'd recommend? Also--I use Bittorrent, but it's not set to run at startup and I will not use it while we're working on the problem. I am 99% sure there's no pirated software on my machine, but if you see something please let me know. The reason I contacted you was that a quick Google suggested that unwanted restarts might be the result of malware. I don't know if it's worth a mention, but it can take a while for some programs, like Firefox, to start, and often after the machine has been on for a while, the Windows Start menu and Search are very sluggish, but I understand that may be a Windows issue. Thanks for any help. FRST.txt Addition.txt
  13. That's pretty much it. It's also restarted a couple of times when it was on. I'm not a noob, but I'm far from an expert. I look in Event Viewer after it happens, and it seemed like there was definitely something going on, but I don't have the skills to tell what it is. I've run MBAM and BitDefender and found nothing (or found stuff that didn't fix the problem). I've cut and pasted or attached the Farbar Recovery files. Thanks for any help.
[584632 2015-03-06] (LENOVO INCORPORATED.) S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] () S4 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-10] (Maxthon) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-09] (Electronic Arts) S4 reaConverter_service; C:\Program Files (x86)\reaConverter 7 Standard\rc_service.exe [2129408 2015-06-19] () [File not signed] R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-08-25] () S4 SuperRam; C:\Program Files (x86)\PGWARE\SuperRam\SuperRamService.exe [1939608 2015-08-09] (PGWARE LLC) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender) S3 UPDATESRV_ANTITHEFT; C:\Program Files\Bitdefender\Bitdefender Anti-Theft\updatesrv.exe [67320 2013-10-04] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-06-18] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com) 
===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-12-18] () S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-12-18] () R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-05-28] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-05-28] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-12-15] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-01-09] (BitDefender SRL) S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-10-23] (Digiarty Software, Inc.) 
R3 digitalpower; C:\Windows\system32\drivers\digitalpower.sys [29184 2015-07-30] (Bongiovi Acoustics) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] () R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-13] () S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-01] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-24] (Realtek Semiconductor Corp.) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-28] (Realtek ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4164352 2015-06-05] (Realtek Semiconductor Corporation ) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2015-09-13] () R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.) 
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [241920 2015-06-19] (Vimicro Corporation) R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [24576 2015-08-28] (Vimicro Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-10-11] (wisecleaner.com) R1 WiseTdiFw; C:\WINDOWS\WiseTdiFw64.sys [31272 2015-01-12] (WiseCleaner.com) [File not signed] S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-01 16:25 - 2016-01-01 16:27 - 00033677 _____ C:\Users\Matt\Downloads\FRST.txt 2016-01-01 16:22 - 2016-01-01 16:25 - 02370560 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe 2016-01-01 16:09 - 2016-01-01 16:09 - 00016148 _____ C:\WINDOWS\system32\SWEENMAN_Matt_HistoryPrediction.bin 2016-01-01 15:41 - 2016-01-01 15:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-01-01 02:30 - 2016-01-01 02:30 - 00000222 _____ C:\Users\Matt\Desktop\Sherlock Holmes and The Hound of The Baskervilles.url 2016-01-01 00:54 - 2016-01-01 00:54 - 00000222 _____ C:\Users\Matt\Desktop\The 39 Steps.url 2015-12-29 10:05 - 2016-01-01 15:38 - 00151379 ____N C:\WINDOWS\Minidump\010116-31562-01.dmp 2015-12-28 22:21 - 2016-01-01 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-28 15:11 - 2015-12-28 15:11 - 00000222 _____ C:\Users\Matt\Desktop\Paradise Island - VR MMO.url 2015-12-27 00:24 - 2015-12-27 00:24 - 00000000 ____D C:\Users\Matt\Desktop\Old Firefox Data 2015-12-26 00:52 - 2015-12-26 00:52 - 00001357 _____ C:\Users\Public\Desktop\Wise Memory Optimizer.lnk 2015-12-23 22:07 - 2015-12-23 22:07 - 00001168 _____ C:\Users\Public\Desktop\Soft Organizer.lnk 2015-12-23 21:41 - 2015-12-23 21:41 - 00000000 ____D C:\Users\Matt\Documents\Add-in Express 2015-12-23 21:08 - 2016-01-01 04:51 - 00000000 ____D C:\Users\Matt\AppData\Roaming\CDisplayEx 2015-12-23 21:08 - 2015-12-23 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx 2015-12-23 21:08 - 2015-12-23 21:08 - 00000000 ____D C:\Program Files\CDisplayEx 2015-12-23 10:07 - 2015-12-29 10:05 - 00151379 ____N C:\WINDOWS\Minidump\122915-33781-01.dmp 2015-12-22 01:44 - 2015-12-22 01:44 - 00000000 ____D C:\Users\Matt\AppData\Local\Nico Mak Computing 2015-12-21 20:27 - 2015-12-21 20:27 - 00383976 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-12-20 17:58 - 2015-12-20 17:58 - 91820032 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit 2015-12-20 17:58 - 2015-12-20 
17:58 - 01552384 _____ C:\WINDOWS\system32\config\DEFAULT.iobit 2015-12-20 17:58 - 2015-12-20 17:58 - 00061440 _____ C:\WINDOWS\system32\config\SAM.iobit 2015-12-20 17:58 - 2015-12-20 17:58 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit 2015-12-20 03:40 - 2015-12-20 03:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Batch File Renamer v2.4 2015-12-20 03:40 - 2015-12-20 03:40 - 00000000 ____D C:\Program Files (x86)\Batch File Renamer v2.4 2015-12-17 21:56 - 2015-12-17 21:56 - 00000000 ____D C:\Users\Matt\Desktop\12-24 10pm Sanjiv 2015-12-17 00:41 - 2015-12-17 00:41 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Faasoft Audio Converter 2015-12-17 00:40 - 2015-12-17 00:40 - 00001214 _____ C:\Users\Public\Desktop\Faasoft Audio Converter.lnk 2015-12-17 00:40 - 2015-12-17 00:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Faasoft 2015-12-17 00:40 - 2015-12-17 00:40 - 00000000 ____D C:\Program Files (x86)\Faasoft 2015-12-16 21:18 - 2015-12-16 21:18 - 00000000 ____D C:\Users\Matt\Documents\Coolmuster 2015-12-16 21:18 - 2015-12-16 21:18 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Coolmuster 2015-12-16 21:17 - 2015-12-16 21:17 - 00000000 ____D C:\Users\Matt\Documents\Coolmuster files 2015-12-16 21:17 - 2015-12-16 21:17 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coolmuster 2015-12-16 21:17 - 2015-12-16 21:17 - 00000000 ____D C:\Program Files (x86)\Coolmuster 2015-12-16 20:13 - 2016-01-01 01:12 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Amazon Cloud Drive 2015-12-16 20:13 - 2015-12-16 20:14 - 00000000 ____D C:\Users\Matt\AppData\Local\Amazon Cloud Drive 2015-12-16 20:13 - 2015-12-16 20:13 - 00001311 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive.lnk 2015-12-16 20:13 - 2015-12-16 20:13 - 00001299 _____ C:\Users\Matt\Desktop\Amazon Cloud Drive.lnk 2015-12-13 04:23 - 2015-12-13 04:24 - 00000000 
____D C:\Program Files (x86)\ChrisPC Win Experience Index 2015-12-13 04:23 - 2015-12-13 04:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChrisPC Win Experience Index 2015-12-11 19:48 - 2015-12-16 21:22 - 00000000 ____D C:\Users\Matt\Desktop\cloud 2015-12-11 19:32 - 2015-12-11 19:33 - 00038699 _____ C:\Users\Matt\Desktop\8 a play by Dustin Lance Black.txt 2015-12-09 01:16 - 2015-11-30 19:32 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-09 01:16 - 2015-11-30 19:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-08 19:26 - 2015-12-08 19:26 - 00000000 ____D C:\Users\Matt\AppData\Local\TempTaskUpdateDetection4FB29C82-646C-4369-B0A4-42192944377C 2015-12-08 19:00 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-08 19:00 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-08 18:59 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-08 18:59 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys 2015-12-08 18:59 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-12-08 18:59 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-12-08 18:59 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-08 18:59 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-08 18:59 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-12-08 18:59 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-12-08 18:59 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 
2015-12-08 18:59 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-08 18:59 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-08 18:59 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-08 18:59 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2015-12-08 18:59 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-08 18:59 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-12-08 18:59 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-08 18:59 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-08 18:59 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-08 18:59 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2015-12-08 18:59 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-08 18:59 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-12-08 18:59 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-08 18:59 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2015-12-08 18:59 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll 2015-12-08 18:59 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll 2015-12-08 18:59 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-08 18:59 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SRHInproc.dll 2015-12-08 18:59 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys 2015-12-08 18:59 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-08 18:59 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2015-12-08 18:59 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-08 18:59 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll 2015-12-08 18:59 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll 2015-12-08 18:59 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-08 18:59 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2015-12-08 18:59 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-08 18:59 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll 2015-12-08 18:59 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-08 18:59 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-08 18:59 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-12-08 18:59 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2015-12-08 18:59 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-08 18:59 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-12-08 18:59 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2015-12-08 18:59 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-08 18:59 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-08 18:59 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-08 18:59 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-08 18:59 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-08 18:59 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll 2015-12-08 18:59 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-08 18:59 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-08 18:59 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-08 18:59 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-08 18:59 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-12-08 18:59 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-12-08 18:59 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-08 18:59 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-08 18:59 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-08 18:59 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2015-12-08 18:59 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-08 18:59 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll 2015-12-08 18:59 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-08 18:59 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-08 18:59 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-08 18:59 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-08 18:59 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2015-12-08 18:59 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2015-12-08 18:59 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-08 18:59 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-08 18:59 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll 2015-12-08 18:59 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-08 18:59 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-08 18:59 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-08 18:59 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-08 18:59 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL 2015-12-08 18:59 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-08 18:59 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls 2015-12-06 18:34 - 2015-12-06 18:34 - 00000992 _____ C:\Users\Public\Desktop\TEncoder Video Converter.lnk 2015-12-06 01:35 - 2015-12-06 03:31 - 00001600 _____ C:\Users\Matt\Desktop\A vs X.txt 2015-12-05 02:10 - 2015-12-17 03:40 - 00005357 _____ C:\Users\Matt\Desktop\Secret Wars.txt 2015-12-05 00:19 - 2016-01-01 16:24 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 
2015-12-05 00:19 - 2016-01-01 15:41 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-03 20:10 - 2015-12-31 02:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-12-03 20:10 - 2015-12-03 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-12-03 20:09 - 2015-12-03 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2015-12-02 22:36 - 2015-12-02 22:36 - 00000000 ____D C:\Users\Matt\AppData\Roaming\WinRAR 2015-12-02 22:35 - 2015-12-02 22:35 - 00001059 _____ C:\Users\Public\Desktop\WinRAR.lnk 2015-12-02 22:35 - 2015-12-02 22:35 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-02 22:35 - 2015-12-02 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-02 22:34 - 2015-12-02 22:34 - 00000000 ____D C:\Program Files\WinRAR ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-01 16:25 - 2015-03-24 18:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-01-01 16:25 - 2015-01-16 19:17 - 00000000 ____D C:\FRST 2016-01-01 16:24 - 2014-11-23 15:59 - 00000000 ____D C:\Users\Matt\AppData\Roaming\vlc 2016-01-01 16:23 - 2015-01-14 20:15 - 00000000 ___RD C:\Users\Matt\Desktop\, 2016-01-01 16:09 - 2015-05-19 18:14 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Everything 2016-01-01 16:06 - 2015-01-14 19:45 - 00000000 ____D C:\Users\Matt\AppData\Local\ElevatedDiagnostics 2016-01-01 15:57 - 2014-12-25 21:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-01-01 15:54 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps 2016-01-01 15:54 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-01-01 15:52 - 2014-05-29 10:11 - 00000000 ____D C:\Users\Matt\AppData\Local\Packages 2016-01-01 15:50 - 2015-08-09 15:50 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{05EE332D-EF33-4BA3-8ECD-7AC4E1D2ED90} 2016-01-01 15:45 - 2015-11-27 22:15 - 00000000 ____D C:\Program Files (x86)\Kerish Doctor 2016-01-01 15:42 - 2014-11-22 22:40 - 00003374 _____ C:\WINDOWS\System32\Tasks\WizMouse 2016-01-01 15:41 - 2014-09-17 22:22 - 00000000 __SHD C:\Users\Matt\IntelGraphicsProfiles 2016-01-01 15:40 - 2015-08-09 04:15 - 00000000 ____D C:\Users\Matt 2016-01-01 15:40 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-01-01 15:39 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-01-01 15:38 - 2015-08-28 21:21 - 00000000 ____D C:\WINDOWS\Minidump 2016-01-01 15:38 - 2014-12-25 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-01 04:51 - 2015-09-12 19:51 - 00000000 ____D C:\Users\Matt\AppData\Roaming\BitTorrent 2016-01-01 03:02 - 2015-02-23 14:59 - 00000000 ___RD C:\Users\Matt\Downloads\[TV] 2016-01-01 02:34 - 2014-11-22 23:40 - 00000000 ____D C:\Program Files (x86)\Steam 2016-01-01 01:07 - 2014-11-23 02:00 - 
00000000 ____D C:\Users\Matt\AppData\Roaming\Mp3tag 2015-12-31 20:43 - 2015-08-09 04:31 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-12-31 20:43 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF 2015-12-31 19:13 - 2015-07-10 04:05 - 00000000 ____D C:\Windows 2015-12-31 18:52 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-12-30 18:54 - 2014-11-23 02:31 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps 2015-12-29 20:59 - 2015-09-29 22:10 - 00000000 ____D C:\Users\Matt\.cr3 2015-12-26 23:16 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-12-26 23:15 - 2014-12-18 19:51 - 00232601 _____ C:\bdlog.txt 2015-12-26 00:52 - 2015-09-28 17:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner 2015-12-26 00:52 - 2015-01-15 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer 2015-12-24 20:44 - 2014-11-24 02:08 - 00000000 ____D C:\Users\Matt\AppData\Roaming\dvdcss 2015-12-24 19:11 - 2015-05-25 16:52 - 00000929 _____ C:\Users\Matt\Desktop\..lnk 2015-12-22 23:18 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Registration 2015-12-22 22:14 - 2014-11-26 21:33 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2015-12-22 02:56 - 2014-01-17 19:20 - 00000000 ____D C:\Program Files\lenovo 2015-12-20 17:59 - 2015-08-09 08:07 - 00000000 ___DC C:\WINDOWS\Panther 2015-12-20 17:38 - 2014-11-28 00:39 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Wise Care 365 2015-12-20 14:21 - 2014-11-25 19:27 - 00000000 ____D C:\ProgramData\IObit 2015-12-17 21:22 - 2015-05-17 22:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\calibre 2015-12-17 01:24 - 2014-12-30 02:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\M8 Software 2015-12-16 20:51 - 2014-11-22 23:39 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-16 20:41 - 2014-11-22 23:39 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-16 04:47 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache 2015-12-16 00:33 - 
2014-11-28 02:10 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2015-12-15 19:31 - 2015-07-10 06:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 19:30 - 2015-08-22 22:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-11 19:50 - 2015-03-29 21:05 - 00000000 ____D C:\Users\Matt\AppData\Local\Amazon.com Inc
2015-12-11 01:01 - 2014-11-22 22:41 - 00000000 ____D C:\Users\Matt\AppData\Local\Amazon
2015-12-10 23:40 - 2014-12-31 00:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 23:40 - 2014-12-31 00:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 23:36 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 01:25 - 2014-12-31 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 22:39 - 2015-08-09 07:42 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-06 18:34 - 2015-11-26 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
2015-12-06 18:34 - 2015-11-26 02:12 - 00000000 ____D C:\Program Files\TEncoder Video Converter
2015-12-05 00:19 - 2015-05-16 17:55 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 00:19 - 2014-11-22 22:36 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 22:28 - 2015-03-24 18:03 - 00000000 ____D C:\Program Files (x86)\National Geographic
2015-12-03 19:11 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-03 19:11 - 2014-01-17 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-03 00:49 - 2014-05-28 21:37 - 00000000 ____D C:\Users\Matt\Documents\My Kindle Content
2015-12-02 22:06 - 2015-05-17 22:40 - 00000000 ____D C:\Program Files (x86)\Calibre2
2015-12-02 22:06 - 2014-11-25 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-12-02 19:19 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2015-09-09 21:56 - 2015-09-09 21:56 - 0001189 _____ () C:\Users\Matt\AppData\Local\recently-used.xbel
2014-11-22 21:15 - 2014-11-22 21:16 - 0000193 _____ () C:\Users\Matt\AppData\Local\RegisteredPackageInformation.xml
2015-09-12 22:04 - 2015-09-12 22:04 - 0007592 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2015-02-07 19:16 - 2015-02-07 19:17 - 0000416 _____ () C:\Users\Matt\AppData\Local\winconf.pxt
2015-08-09 11:55 - 2015-08-09 11:55 - 0518613 _____ () C:\ProgramData\1439138746.bdinstall.bin
2015-03-04 22:53 - 2015-03-04 22:53 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2015-08-09 04:12 - 2015-08-09 04:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-24 20:44 - 2015-12-27 05:14 - 0019535 _____ () C:\ProgramData\empty.ico
2015-07-14 22:48 - 2015-07-14 22:48 - 0005672 _____ () C:\ProgramData\SMRResults501.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-30 19:56

==================== End of FRST.txt ============================

Addition.txt
  14. I'm running Windows 10, but it didn't work with Windows 8.1 either. I've selected show context menu entry, but the context menu entry is not showing when I right-click a scannable item. I have attached a screen shot because I know many of you simply will not believe that I have correctly set the context menu settings.
  15. Oh, and THANKS for the reminder about exclusions. I swear I already excluded the whole MBAM folder, but with all the uninstalling and reinstalling, for this and another issue, I forgot to do it again. I don't know if it was directly responsible, but after excluding the files you suggested, I went from 3:15 to under 2 minutes, which is acceptable. As for the other errors you pointed out in another thread--my machine is still under warranty and has phone support. I think I may just give them a call and go through the list, one-by-one, and see if they can help. If that doesn't work, I'll investigate further virus-removal help. Thanks again.