After putting computer to sleep, it restarts when you wake it up


That's pretty much it. It's also restarted a couple of times when it was on. I'm not a noob, but I'm far from an expert. I look in Event Viewer after it happens, and it seemed like there was definitely something going on, but I don't have the skills to tell what it is. I've run MBAM and BitDefender and found nothing (or found stuff that didn't fix the problem). I've cut and pasted or attached the Farbar Recovery files. Thanks for any help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Matt (administrator) on SWEENMAN (01-01-2016 16:25:26)
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
() C:\Windows\jmesoft\Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Amazon.com Inc.) C:\Users\Matt\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\MdRes.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Kerish Products) C:\Program Files (x86)\Kerish Doctor\KerishDoctor.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bongiovi Acoustics) C:\Program Files\Bongiovi Acoustics\Digital Power Station\Digital Power Station.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
() C:\Program Files\Everything\Everything.exe
() C:\Program Files\Everything\Everything.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [igfxTray] => C:\windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1695744 2015-06-12] (Bitdefender)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-12] (Bitdefender)
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Run: [Google Update] => C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Run: [Amazon Cloud Drive] => C:\Users\Matt\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [1939264 2015-12-10] (Amazon.com Inc.)
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\...\Policies\Explorer: [HideSCAVolume] 0
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.4.75.8 10.4.75.6
Tcpip\..\Interfaces\{b7a82a89-03f8-45d9-b60a-65270b3eec38}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c5735d39-658c-47e6-a04e-3ea9fa18c3ef}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c5735d39-658c-47e6-a04e-3ea9fa18c3ef}: [DhcpNameServer] 10.4.75.8 10.4.75.6
Tcpip\..\Interfaces\{d7988758-0ccc-4645-a431-b6c554292081}: [DhcpNameServer] 10.4.75.8 10.4.75.6

Internet Explorer:
==================
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {796618C8-A71E-40E6-892F-590BADEFE11C} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3806041126-2152684015-2072828150-1001 -> DefaultScope {796618C8-A71E-40E6-892F-590BADEFE11C} URL =
SearchScopes: HKU\S-1-5-21-3806041126-2152684015-2072828150-1001 -> {796618C8-A71E-40E6-892F-590BADEFE11C} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-10-29] (IObit)
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-04-03] (Bitdefender)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-10] (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-10] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-04-03] (Bitdefender)
Toolbar: HKU\S-1-5-21-3806041126-2152684015-2072828150-1001 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-23] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3806041126-2152684015-2072828150-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3806041126-2152684015-2072828150-1001: @talk.google.com/O1DPlugin -> C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3806041126-2152684015-2072828150-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3806041126-2152684015-2072828150-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Matt\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3806041126-2152684015-2072828150-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-3806041126-2152684015-2072828150-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Matt\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: DownThemAll! - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-27]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\extensions\artur.dubovoy@gmail.com [2015-12-27]
FF Extension: Empty Cache Button - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2015-12-27]
FF Extension: DisableBackspaceNavigation - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\extensions\{40520fe7-6336-4df2-bab1-1f1f8e11bf27}.xpi [2015-12-27]
FF Extension: about:addons-memory - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\about-addons-memory@tn123.org.xpi [2015-12-27]
FF Extension: Fess Google Bookmark Extension - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\GBE@fess16.blogspot.com.xpi [2015-12-27]
FF Extension: Wiktionary and Google Translate - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\googledictionary@toptip.ca.xpi [2015-12-27]
FF Extension: Gmail Notifier (restartless) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-12-31]
FF Extension: Translate This! - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2015-12-27]
FF Extension: RAMBack - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\ramback@pavlov.net.xpi [2015-12-27]
FF Extension: FastestFox - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\smarterwiki@wikiatic.com.xpi [2015-12-27]
FF Extension: Free Memory Button - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\tb-free-memory-single@codefisher.org.xpi [2015-12-27]
FF Extension: Thumbnail Zoom Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\thumbnailZoom@dadler.github.com.xpi [2015-12-27]
FF Extension: TinEye Reverse Image Search - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\tineye@ideeinc.com.xpi [2015-12-27]
FF Extension: uBlock Origin - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\uBlock0@raymondhill.net.xpi [2015-12-29]
FF Extension: Google Shortcuts - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2015-12-27]
FF Extension: ReminderFox - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2015-12-27]
FF Extension: StumbleUpon - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2015-12-27]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-12-27]
FF Extension: Video DownloadHelper - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-27]
FF Extension: Adblock Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\q1a8ceyu.default-1451193856212\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-27]
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff [2015-12-15]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-06-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-14]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-14]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (ShowPassword) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiclfnbhommljbjcoelobnnnibemabl [2015-12-09]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Right-Click Search IMDb) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbchccggcmgoabfolahgafbfapoejkcn [2015-09-14]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Right-Click Search Wikipedia) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikmpmafdimllogceehaijmnlndineje [2015-09-14]
CHR Extension: (Video Downloader professional) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-09-14]
CHR Extension: (Bitdefender Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-11-08]
CHR Extension: (Google Play Music) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-09]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-14]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (AdBlock) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-09]
CHR Extension: (Spell Checker for Chrome) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg [2015-09-15]
CHR Extension: (Add to Google Bookmarks (context menu)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\keobkeaihgkidbpfjojklhjjlfjgaejp [2015-09-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-14]
CHR Extension: (WebRTC Network Limiter) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\npeicpdbkakmehahjeeohfdhnlpdklia [2015-11-08]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-14]
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-14]
CHR Extension: (Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-14]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-14]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-14]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-14]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-14]
CHR HKU\S-1-5-21-3806041126-2152684015-2072828150-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
S3 atserv; C:\Program Files\Bitdefender\Bitdefender Anti-Theft\atserv.exe [495776 2013-10-07] (Bitdefender)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
S3 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-04] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2013-01-17] (Microsoft) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
S4 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-10] (Maxthon)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-09] (Electronic Arts)
S4 reaConverter_service; C:\Program Files (x86)\reaConverter 7 Standard\rc_service.exe [2129408 2015-06-19] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-08-25] ()
S4 SuperRam; C:\Program Files (x86)\PGWARE\SuperRam\SuperRamService.exe [1939608 2015-08-09] (PGWARE LLC)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
S3 UPDATESRV_ANTITHEFT; C:\Program Files\Bitdefender\Bitdefender Anti-Theft\updatesrv.exe [67320 2013-10-04] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-06-18] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-12-18] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-05-28] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-05-28] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-01-09] (BitDefender SRL)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-10-23] (Digiarty Software, Inc.)
R3 digitalpower; C:\Windows\system32\drivers\digitalpower.sys [29184 2015-07-30] (Bongiovi Acoustics)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-13] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-24] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-08-28] (Realtek                                            )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4164352 2015-06-05] (Realtek Semiconductor Corporation                           )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2015-09-13] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [241920 2015-06-19] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [24576 2015-08-28] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-10-11] (wisecleaner.com)
R1 WiseTdiFw; C:\WINDOWS\WiseTdiFw64.sys [31272 2015-01-12] (WiseCleaner.com) [File not signed]
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 16:25 - 2016-01-01 16:27 - 00033677 _____ C:\Users\Matt\Downloads\FRST.txt
2016-01-01 16:22 - 2016-01-01 16:25 - 02370560 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2016-01-01 16:09 - 2016-01-01 16:09 - 00016148 _____ C:\WINDOWS\system32\SWEENMAN_Matt_HistoryPrediction.bin
2016-01-01 15:41 - 2016-01-01 15:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-01 02:30 - 2016-01-01 02:30 - 00000222 _____ C:\Users\Matt\Desktop\Sherlock Holmes and The Hound of The Baskervilles.url
2016-01-01 00:54 - 2016-01-01 00:54 - 00000222 _____ C:\Users\Matt\Desktop\The 39 Steps.url
2015-12-29 10:05 - 2016-01-01 15:38 - 00151379 ____N C:\WINDOWS\Minidump\010116-31562-01.dmp
2015-12-28 22:21 - 2016-01-01 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 15:11 - 2015-12-28 15:11 - 00000222 _____ C:\Users\Matt\Desktop\Paradise Island - VR MMO.url
2015-12-27 00:24 - 2015-12-27 00:24 - 00000000 ____D C:\Users\Matt\Desktop\Old Firefox Data
2015-12-26 00:52 - 2015-12-26 00:52 - 00001357 _____ C:\Users\Public\Desktop\Wise Memory Optimizer.lnk
2015-12-23 22:07 - 2015-12-23 22:07 - 00001168 _____ C:\Users\Public\Desktop\Soft Organizer.lnk
2015-12-23 21:41 - 2015-12-23 21:41 - 00000000 ____D C:\Users\Matt\Documents\Add-in Express
2015-12-23 21:08 - 2016-01-01 04:51 - 00000000 ____D C:\Users\Matt\AppData\Roaming\CDisplayEx
2015-12-23 21:08 - 2015-12-23 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2015-12-23 21:08 - 2015-12-23 21:08 - 00000000 ____D C:\Program Files\CDisplayEx
2015-12-23 10:07 - 2015-12-29 10:05 - 00151379 ____N C:\WINDOWS\Minidump\122915-33781-01.dmp
2015-12-22 01:44 - 2015-12-22 01:44 - 00000000 ____D C:\Users\Matt\AppData\Local\Nico Mak Computing
2015-12-21 20:27 - 2015-12-21 20:27 - 00383976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-20 17:58 - 2015-12-20 17:58 - 91820032 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2015-12-20 17:58 - 2015-12-20 17:58 - 01552384 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2015-12-20 17:58 - 2015-12-20 17:58 - 00061440 _____ C:\WINDOWS\system32\config\SAM.iobit
2015-12-20 17:58 - 2015-12-20 17:58 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2015-12-20 03:40 - 2015-12-20 03:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Batch File Renamer v2.4
2015-12-20 03:40 - 2015-12-20 03:40 - 00000000 ____D C:\Program Files (x86)\Batch File Renamer v2.4
2015-12-17 21:56 - 2015-12-17 21:56 - 00000000 ____D C:\Users\Matt\Desktop\12-24 10pm Sanjiv
2015-12-17 00:41 - 2015-12-17 00:41 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Faasoft Audio Converter
2015-12-17 00:40 - 2015-12-17 00:40 - 00001214 _____ C:\Users\Public\Desktop\Faasoft Audio Converter.lnk
2015-12-17 00:40 - 2015-12-17 00:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Faasoft
2015-12-17 00:40 - 2015-12-17 00:40 - 00000000 ____D C:\Program Files (x86)\Faasoft
2015-12-16 21:18 - 2015-12-16 21:18 - 00000000 ____D C:\Users\Matt\Documents\Coolmuster
2015-12-16 21:18 - 2015-12-16 21:18 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Coolmuster
2015-12-16 21:17 - 2015-12-16 21:17 - 00000000 ____D C:\Users\Matt\Documents\Coolmuster files
2015-12-16 21:17 - 2015-12-16 21:17 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coolmuster
2015-12-16 21:17 - 2015-12-16 21:17 - 00000000 ____D C:\Program Files (x86)\Coolmuster
2015-12-16 20:13 - 2016-01-01 01:12 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Amazon Cloud Drive
2015-12-16 20:13 - 2015-12-16 20:14 - 00000000 ____D C:\Users\Matt\AppData\Local\Amazon Cloud Drive
2015-12-16 20:13 - 2015-12-16 20:13 - 00001311 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive.lnk
2015-12-16 20:13 - 2015-12-16 20:13 - 00001299 _____ C:\Users\Matt\Desktop\Amazon Cloud Drive.lnk
2015-12-13 04:23 - 2015-12-13 04:24 - 00000000 ____D C:\Program Files (x86)\ChrisPC Win Experience Index
2015-12-13 04:23 - 2015-12-13 04:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChrisPC Win Experience Index
2015-12-11 19:48 - 2015-12-16 21:22 - 00000000 ____D C:\Users\Matt\Desktop\cloud
2015-12-11 19:32 - 2015-12-11 19:33 - 00038699 _____ C:\Users\Matt\Desktop\8 a play by Dustin Lance Black.txt
2015-12-09 01:16 - 2015-11-30 19:32 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-09 01:16 - 2015-11-30 19:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 19:26 - 2015-12-08 19:26 - 00000000 ____D C:\Users\Matt\AppData\Local\TempTaskUpdateDetection4FB29C82-646C-4369-B0A4-42192944377C
2015-12-08 19:00 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-08 19:00 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 18:59 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-08 18:59 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-08 18:59 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-08 18:59 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-08 18:59 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 18:59 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 18:59 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-08 18:59 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-08 18:59 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-08 18:59 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 18:59 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 18:59 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 18:59 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-08 18:59 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 18:59 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-08 18:59 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 18:59 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 18:59 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 18:59 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-08 18:59 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 18:59 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-08 18:59 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-08 18:59 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-08 18:59 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-08 18:59 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-08 18:59 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 18:59 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-08 18:59 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-08 18:59 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-08 18:59 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-08 18:59 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 18:59 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-08 18:59 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-08 18:59 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 18:59 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-08 18:59 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 18:59 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-08 18:59 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 18:59 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 18:59 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-08 18:59 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-08 18:59 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-08 18:59 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-08 18:59 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-08 18:59 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 18:59 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-08 18:59 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 18:59 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 18:59 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-08 18:59 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-08 18:59 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 18:59 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 18:59 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 18:59 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 18:59 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-08 18:59 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-08 18:59 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 18:59 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-08 18:59 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-08 18:59 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-08 18:59 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 18:59 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-08 18:59 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-08 18:59 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 18:59 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 18:59 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 18:59 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-08 18:59 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-08 18:59 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 18:59 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 18:59 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-08 18:59 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 18:59 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 18:59 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 18:59 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 18:59 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 18:59 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 18:59 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-06 18:34 - 2015-12-06 18:34 - 00000992 _____ C:\Users\Public\Desktop\TEncoder Video Converter.lnk
2015-12-06 01:35 - 2015-12-06 03:31 - 00001600 _____ C:\Users\Matt\Desktop\A vs X.txt
2015-12-05 02:10 - 2015-12-17 03:40 - 00005357 _____ C:\Users\Matt\Desktop\Secret Wars.txt
2015-12-05 00:19 - 2016-01-01 16:24 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 00:19 - 2016-01-01 15:41 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 20:10 - 2015-12-31 02:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-03 20:10 - 2015-12-03 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-12-03 20:09 - 2015-12-03 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-12-02 22:36 - 2015-12-02 22:36 - 00000000 ____D C:\Users\Matt\AppData\Roaming\WinRAR
2015-12-02 22:35 - 2015-12-02 22:35 - 00001059 _____ C:\Users\Public\Desktop\WinRAR.lnk
2015-12-02 22:35 - 2015-12-02 22:35 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-02 22:35 - 2015-12-02 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-02 22:34 - 2015-12-02 22:34 - 00000000 ____D C:\Program Files\WinRAR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 16:25 - 2015-03-24 18:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-01 16:25 - 2015-01-16 19:17 - 00000000 ____D C:\FRST
2016-01-01 16:24 - 2014-11-23 15:59 - 00000000 ____D C:\Users\Matt\AppData\Roaming\vlc
2016-01-01 16:23 - 2015-01-14 20:15 - 00000000 ___RD C:\Users\Matt\Desktop\,
2016-01-01 16:09 - 2015-05-19 18:14 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Everything
2016-01-01 16:06 - 2015-01-14 19:45 - 00000000 ____D C:\Users\Matt\AppData\Local\ElevatedDiagnostics
2016-01-01 15:57 - 2014-12-25 21:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-01 15:54 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-01 15:54 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-01 15:52 - 2014-05-29 10:11 - 00000000 ____D C:\Users\Matt\AppData\Local\Packages
2016-01-01 15:50 - 2015-08-09 15:50 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{05EE332D-EF33-4BA3-8ECD-7AC4E1D2ED90}
2016-01-01 15:45 - 2015-11-27 22:15 - 00000000 ____D C:\Program Files (x86)\Kerish Doctor
2016-01-01 15:42 - 2014-11-22 22:40 - 00003374 _____ C:\WINDOWS\System32\Tasks\WizMouse
2016-01-01 15:41 - 2014-09-17 22:22 - 00000000 __SHD C:\Users\Matt\IntelGraphicsProfiles
2016-01-01 15:40 - 2015-08-09 04:15 - 00000000 ____D C:\Users\Matt
2016-01-01 15:40 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-01 15:39 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-01 15:38 - 2015-08-28 21:21 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-01 15:38 - 2014-12-25 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-01 04:51 - 2015-09-12 19:51 - 00000000 ____D C:\Users\Matt\AppData\Roaming\BitTorrent
2016-01-01 03:02 - 2015-02-23 14:59 - 00000000 ___RD C:\Users\Matt\Downloads\[TV]
2016-01-01 02:34 - 2014-11-22 23:40 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-01 01:07 - 2014-11-23 02:00 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mp3tag
2015-12-31 20:43 - 2015-08-09 04:31 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-31 20:43 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-31 19:13 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-31 18:52 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-30 18:54 - 2014-11-23 02:31 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2015-12-29 20:59 - 2015-09-29 22:10 - 00000000 ____D C:\Users\Matt\.cr3
2015-12-26 23:16 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-26 23:15 - 2014-12-18 19:51 - 00232601 _____ C:\bdlog.txt
2015-12-26 00:52 - 2015-09-28 17:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\WiseCleaner
2015-12-26 00:52 - 2015-01-15 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2015-12-24 20:44 - 2014-11-24 02:08 - 00000000 ____D C:\Users\Matt\AppData\Roaming\dvdcss
2015-12-24 19:11 - 2015-05-25 16:52 - 00000929 _____ C:\Users\Matt\Desktop\..lnk
2015-12-22 23:18 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Registration
2015-12-22 22:14 - 2014-11-26 21:33 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2015-12-22 02:56 - 2014-01-17 19:20 - 00000000 ____D C:\Program Files\lenovo
2015-12-20 17:59 - 2015-08-09 08:07 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-20 17:38 - 2014-11-28 00:39 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Wise Care 365
2015-12-20 14:21 - 2014-11-25 19:27 - 00000000 ____D C:\ProgramData\IObit
2015-12-17 21:22 - 2015-05-17 22:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\calibre
2015-12-17 01:24 - 2014-12-30 02:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\M8 Software
2015-12-16 20:51 - 2014-11-22 23:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-16 20:41 - 2014-11-22 23:39 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-16 04:47 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-16 00:33 - 2014-11-28 02:10 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2015-12-15 19:31 - 2015-07-10 06:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 19:30 - 2015-08-22 22:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-11 19:50 - 2015-03-29 21:05 - 00000000 ____D C:\Users\Matt\AppData\Local\Amazon.com Inc
2015-12-11 01:01 - 2014-11-22 22:41 - 00000000 ____D C:\Users\Matt\AppData\Local\Amazon
2015-12-10 23:40 - 2014-12-31 00:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 23:40 - 2014-12-31 00:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 23:36 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 01:25 - 2014-12-31 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 22:39 - 2015-08-09 07:42 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-06 18:34 - 2015-11-26 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
2015-12-06 18:34 - 2015-11-26 02:12 - 00000000 ____D C:\Program Files\TEncoder Video Converter
2015-12-05 00:19 - 2015-05-16 17:55 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 00:19 - 2014-11-22 22:36 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 22:28 - 2015-03-24 18:03 - 00000000 ____D C:\Program Files (x86)\National Geographic
2015-12-03 19:11 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-03 19:11 - 2014-01-17 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-03 00:49 - 2014-05-28 21:37 - 00000000 ____D C:\Users\Matt\Documents\My Kindle Content
2015-12-02 22:06 - 2015-05-17 22:40 - 00000000 ____D C:\Program Files (x86)\Calibre2
2015-12-02 22:06 - 2014-11-25 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-12-02 19:19 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2015-09-09 21:56 - 2015-09-09 21:56 - 0001189 _____ () C:\Users\Matt\AppData\Local\recently-used.xbel
2014-11-22 21:15 - 2014-11-22 21:16 - 0000193 _____ () C:\Users\Matt\AppData\Local\RegisteredPackageInformation.xml
2015-09-12 22:04 - 2015-09-12 22:04 - 0007592 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2015-02-07 19:16 - 2015-02-07 19:17 - 0000416 _____ () C:\Users\Matt\AppData\Local\winconf.pxt
2015-08-09 11:55 - 2015-08-09 11:55 - 0518613 _____ () C:\ProgramData\1439138746.bdinstall.bin
2015-03-04 22:53 - 2015-03-04 22:53 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2015-08-09 04:12 - 2015-08-09 04:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-24 20:44 - 2015-12-27 05:14 - 0019535 _____ () C:\ProgramData\empty.ico
2015-07-14 22:48 - 2015-07-14 22:48 - 0005672 _____ () C:\ProgramData\SMRResults501.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 19:56

==================== End of FRST.txt ============================

Addition.txt


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



I do not recommend usage of IOBIT products; they have a bad reputation and are prone to create problems. The company behind this product was found to be stealing the MBAM database. That is why I suggest uninstalling:

  • Advanced SystemCare
  • Driver Booster
  • Game Booster
  • IObit Malware Fighter
  • IObit Uninstaller
  • Smart Defrag
  • Surfing Protection

When you see a word "Booster", "Optimizer", "TuneUp" or similar, it is often some kind of silly application. You cannot "boost" your system more than it actually is. Microsoft optimized Windows perfectly and they are constantly working on improvements, so these tools are just selling you nothing but "fog".

The only way to actually boost your system is to upgrade your hardware by adding an SSD, more processor power or more RAM.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  • Please include their content into your next reply.

Thanks for the swift reply. Here are the logs. I will uninstall the programs you mentioned, but I have a question--the only thing I used Advanced System Care for was the check disk option--which ran a lot faster than Windows chkdsk did, and often seemed to find problems. Is there another 3rd party disk check utility that you'd recommend? Also--I use Bittorrent, but it's not set to run at startup and I will not use it while we're working on the problem. I am 99% sure there's no pirated software on my machine, but if you see something please let me know. The reason I contacted you was that a quick Google suggested that unwanted restarts might be the result of malware. I don't know if it's worth a mention, but it can take a while for some programs, like Firefox to start, and often after the machine has been on for a while, the Windows Start menu and Search is very sluggish, but I understand that may be a Windows issue. Thanks for any help.

FRST.txt

Addition.txt


Also--and please forgive me if I'm being one of those "a little knowledge is a dangerous thing" kind of guys--but this shows up in the Event Log--is it connected?

"The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000019 (0x0000000000000003, 0xffffe00058894d80, 0x0000000000000000, 0xffffe00058894d80). A dump was saved in: C:\WINDOWS\Minidump\010116-31562-01.dmp. Report Id: 010116-31562-01."


I cannot believe that a third-party program can perform a function present in Windows for decades better than the OS itself. Faster doesn't mean better. All programs similar to ASC shouldn't be used at all. They always show you that there are some errors, they allegedly perform the operations faster/better than Windows itself and all have the other crap functions that essentially do precisely nothing. I don't want to impose my opinion as mandatory, but if you read all the links above, you'll see why I am telling you this.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 



Download WhoCrashed from here:
http://www.resplendence.com/download/whocrashedSetup.exe

This program will try to determine by analysis the cause of the driver error.
Note: This program requires installation.

  • Double-click to start the installation, and click Next.
  • Check I accept the agreement and then click Next.
    Install the program to the location, and under the name, that the installer offers.
  • Click Next and in the next window, click Next.
  • Check Create a Desktop Icon and then click Next and then Install.

After you've installed WhoCrashed, run it.

Note: If you get a message that looks like this:

[Screenshot: WhoCrashed message]

Click Download the requested file from the Microsoft site now and wait for the process to download additional files and for the installation to complete.

  • When the program starts, click Analyze. When scanning is done, click OK.
  • Right-click on the area of the page with the report and select Select All.
  • Right-click on the area of the page with the report and select Copy.
  • Open a new Notepad and select Paste to copy the contents of the log into Notepad.

Now you can close the program.

Please attach the Notepad file with that log report here.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

As I'd said, I'd gotten this bad pool error before, and I'd read it might have something to do with drivers. I thought I'd updated everything, but I came across a command prompt that was supposed to check--I can't find the prompt right now. When I went to reboot, it couldn't start. None of the Windows troubleshooters worked, so I restored. (Wanted to say all this in original reply but had to leave for work.)


Here you go. I'm sorry about what happened. When I saw that the restarts were the result of a bad pool error BSOD, which has happened several times before, I wanted to check again and make sure it wasn't a driver issue and that I wasn't wasting everyone's time. I've used the command line a million times and I've never had it turn on me like that.

zoek-results.txt

WhoCrashed.txt

FRST.txt


Yes, this indicates there is probably some driver in the Windows kernel that is making all the mess.

 

System File Checker
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • sfc /scannow
  • Windows will begin with system scan.
  • When done, please reboot your system.

System File Checker report:
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
  • Attach sfcdetails.txt from your Desktop in your next reply.

Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
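The two report steps in the post above can also be collected in one pass from PowerShell; this is an added example, not part of the original post, and it warns instead of writing an empty file when a report is missing. It assumes an elevated prompt, the output names chkdsk-report.txt and the System log with event ID 1001 as the location of the bugcheck record are assumptions not stated in the post.

```powershell
# Added example (not from the thread): gather SFC, Check Disk and bugcheck reports.
# Assumption: run from an elevated PowerShell prompt.
$desktop = [Environment]::GetFolderPath('Desktop')

# 1. SFC details: the same "[SR]" filter as the findstr command in the post.
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$srLines = Select-String -Path $cbsLog -Pattern '[SR]' -SimpleMatch -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Line }
if ($srLines) {
    $srLines | Set-Content -Path (Join-Path $desktop 'sfcdetails.txt')
} else {
    Write-Warning "No [SR] lines found in $cbsLog; sfcdetails.txt was not written."
}

# 2. Check Disk report: newest Wininit event 1001 in the Application log,
#    the same record the Event Viewer filter in the post selects.
$chk = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001
} -MaxEvents 1 -ErrorAction SilentlyContinue
if ($chk) {
    # File name chkdsk-report.txt is an assumption for this example.
    "Check Disk result logged $($chk.TimeCreated)", $chk.Message |
        Set-Content -Path (Join-Path $desktop 'chkdsk-report.txt')
} else {
    Write-Warning 'No Wininit event 1001 found; the disk check may not have run at boot.'
}

# 3. Bugcheck history: pull the stop code out of each "rebooted from a bugcheck"
#    message so repeated crashes with the same code stand out.
#    Assumption: these records are in the System log under event ID 1001.
$bugchecks = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ($_.Message -match 'The bugcheck was: (0x[0-9a-fA-F]+)') {
            [pscustomobject]@{ Time = $_.TimeCreated; BugcheckCode = $Matches[1] }
        }
    }
if ($bugchecks) {
    $bugchecks | Sort-Object Time | Format-Table -AutoSize
    $bugchecks | Group-Object BugcheckCode | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
} else {
    Write-Warning 'No bugcheck events found in the System log.'
}
```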

I ran scannow (which I'd done not that long ago with no bad results) and this time it said it found and fixed corrupt files. But when I rebooted and ran the command you asked me to, it gave me an empty file, which I'm unable to attach--error message "Upload skipped, no file was selected for upload"--even though the file was selected. I don't think it makes a difference, but I got to the command line through win + X, not win + R, since I needed admin privileges and that was the quickest way. I will do the disk scan now.


I ran the chkdsk command, but when it restarted it didn't go to the black screen that I've always seen with disk check--almost instantly I got a message that the disk check was done and it was fine. In the past, disk check has taken several minutes. Then I ran event viewer and followed your instructions but there were no results. I'm going to try chkdsk again. I'll try and get a screen shot of the message I get.


I don't know what happened the first time but it ran the second time, and has been at 13% for two hours. I know that's not uncommon, but unfortunately I have a meeting tomorrow and need access to the computer tonight, so I may have to stop the scan and try re-running it tonight before I go to bed.


Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          1/4/2016 3:49:01 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Sweenman
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows8_OS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  666880 file records processed.                                                        

File verification completed.
  13128 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  790404 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered to lost and found.                    


Stage 3: Examining security descriptors ...
Cleaning up 18 unused index entries from index $SII of file 0x9.
Cleaning up 18 unused index entries from index $SDH of file 0x9.
Cleaning up 18 unused security descriptors.
Security descriptor verification completed.
  61763 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37919472 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  666864 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  58281243 free clusters processed.                                                       

Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

 949227519 KB total disk space.
 715108192 KB in 393196 files.
    186600 KB in 61764 indexes.
         0 KB in bad sectors.
    807755 KB in use by the system.
     65536 KB occupied by the log file.
 233124972 KB available on disk.

      4096 bytes in each allocation unit.
 237306879 total allocation units on disk.
  58281243 allocation units available on disk.

Internal Info:
00 2d 0a 00 36 f1 06 00 6c b6 09 00 00 00 00 00  .-..6...l.......
a5 3f 00 00 57 00 00 00 00 00 00 00 00 00 00 00  .?..W...........

Windows has finished checking your disk.
Please wait while your computer restarts.



It was always an intermittent problem, not something that happened every day or even every week. But it had happened enough and over a long enough period of time that I thought I should ask. I didn't realize that the restarts were coming from blue screens--to me it just looked like it was restarting when I woke it up. I've gotten the bad_pool_header error several times. I didn't realize they might be the same thing.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.