
Intermittent Internet connectivity after malware incident.


  • This topic is locked
2 replies to this topic

#1 jayoverhol


Posted 08 July 2016 - 05:31 PM

*moderator edit: moved from Web Browsing/Email and Other Internet Applications to Malware Removal Logs. FRST logs are allowed only in MRL forum. It is worth a look by a Malware Removal Team member to see if you did remove all malware. ~ Queen-Evie*

 

 

I accidentally clicked on a setup file I should not have and it caused a lot of problems. It installed many malware programs. I believe I have successfully removed all of it, but my internet connection keeps going up and down and sometimes it shows as "limited".
 
Also, ever since this happened, a new wireless network is available called "Hidden Network". Don't know what it is or if it's even related to this problem.
 
Here's what I've done so far...
 
I downloaded Malwarebytes, scanned and deleted several items. One thing I had to do manually because it did not detect it. It was running in my temp files and would instantly close any window I tried to open. 
 
I also have IObit Malware Fighter and 360 Total Security installed. I have disabled all of them thinking maybe one of them was responsible.
 
I also hooked up a usb wifi adapter and had the exact same problem with it. I would keep getting the same "DNS" error.
 
I then ran FRST. Here's the FRST.txt file readout....
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by jayov_000 (administrator) on MAIN (08-07-2016 16:48:14)
Running from C:\Users\jayov_000\Desktop
Loaded Profiles: jayov_000 (Available Profiles: jayov_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\windows\System32\GWX\GWX.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2016-06-21] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5890848 2016-04-26] (IObit)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-08] (Valve Corporation)
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\MountPoints2: {03cccf1f-049b-11e5-8261-64510659ffa0} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\MountPoints2: {1482c209-dcd7-11e5-827d-64510659ffa0} - "G:\setup.exe" 
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\MountPoints2: {1fc023b1-86ab-11e5-8271-64510659ffa0} - "H:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [WinResSync] => C:\windows\system32\regsvr32.exe /s "C:\Users\jayov_000\AppData\Roaming\Microsoft\Protect\65555_65555_2444_0_b3dcc.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\windows\system32\regsvr32.exe /s "C:\Users\jayov_000\AppData\Roaming\Microsoft\Protect\65555_65555_2444_0_b3dcc.rs"
Startup: C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP OfficeJet 3830 series.lnk [2016-07-08]
ShortcutTarget: Monitor Ink Alerts - HP OfficeJet 3830 series.lnk -> C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-06-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2549F1B2-0D36-4A8B-BA80-1581CF8BA596}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DA231394-DB4E-4E3B-903F-25D5E4FDF6A3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DD27B378-D54A-4529-AF6D-A53AC62B0686}: [NameServer] 168.95.1.1
Tcpip\..\Interfaces\{DD27B378-D54A-4529-AF6D-A53AC62B0686}: [DhcpNameServer] 168.95.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-163670896-107507206-120751362-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-163670896-107507206-120751362-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-163670896-107507206-120751362-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-163670896-107507206-120751362-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {6E249E78-EAE1-412A-A55E-1F722A3C37D2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {6E249E78-EAE1-412A-A55E-1F722A3C37D2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-163670896-107507206-120751362-1001 -> {6E249E78-EAE1-412A-A55E-1F722A3C37D2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll => No File
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-06-21] (Qihu 360 Software Co., Ltd.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MCC73A2B0-1DA7-4323-9DCE-0E910D9ACBEF&SearchSource=55&CUI=&UM=8&UP=SPBFF8A648-4776-492F-AEAA-B02807798FEE&D=062616&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MCC73A2B0-1DA7-4323-9DCE-0E910D9ACBEF&SearchSource=55&CUI=&UM=8&UP=SPBFF8A648-4776-492F-AEAA-B02807798FEE&D=062616&SSPV=","hxxp://mysearch.avg.com/?cid={0B8C4DBC-B714-4E6A-88E2-987FE3A3B3B8}&mid=e1b987b93dae459e86d06d825136cbb9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=oc011&pr=sa&d=2013-08-31%2022:05:25&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com/?cid={0B8C4DBC-B714-4E6A-88E2-987FE3A3B3B8}&mid=e1b987b93dae459e86d06d825136cbb9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=oc011&pr=sa&d=2013-08-31%2022:05:25&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com/?cid={0B8C4DBC-B714-4E6A-88E2-987FE3A3B3B8}&mid=e1b987b93dae459e86d06d825136cbb9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=oc011&pr=sa&d=2013-08-31%2022:05:25&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com/?cid={0B8C4DBC-B714-4E6A-88E2-987FE3A3B3B8}&mid=e1b987b93dae459e86d06d825136cbb9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=oc011&pr=sa&d=2013-08-31%2022:05:25&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MCC73A2B0-1DA7-4323-9DCE-0E910D9ACBEF&SearchSource=55&CUI=&UM=8&UP=SPBFF8A648-4776-492F-AEAA-B02807798FEE&D=062616&SSPV="
CHR Profile: C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (ColorZilla) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-07-10]
CHR Extension: (YouTube) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Cookies Button) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbhnmbolemgkcaglljmkkpcdelmbage [2015-04-29]
CHR Extension: (Google Search) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Google Sheets) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Click&Clean) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-06-27]
CHR Extension: (AdBlock) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-07]
CHR Extension: (Unlimited Free VPN - Betternet) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-04-24]
CHR Extension: (Incognito This!) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icnaplnkjfjncegmphmlfpggildllbho [2015-12-25]
CHR Extension: (Online and download your movie! [FE]) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmkidjmdndemnaedpemmbgokmppefgl [2015-04-29]
CHR Extension: (RoboForm Lite Password Manager) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj [2015-04-29]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-05-15]
CHR Extension: (Download Master) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2016-04-10]
CHR Extension: (AVG Secure Search) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Click&Clean App) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-06-04]
CHR Extension: (Gmail) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1580320 2016-04-22] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [913832 2016-06-21] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-21] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [54800 2016-06-23] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-06-21] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-11-20] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2015-11-20] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-06-21] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-03-03] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-06-21] (360.cn)
S3 A5AGU; C:\Windows\system32\DRIVERS\AGUx64.sys [1077760 2008-08-06] (D-Link Corporation)
S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [101104 2016-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-06-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [277232 2016-06-23] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [101376 2016-06-23] (Advanced Micro Devices)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-06-21] (360.cn)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-03-10] (REALiX™)
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-03-31] (IObit)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
U5 pgusbwdm; C:\Windows\System32\Drivers\pgusbwdm.sys [466496 2010-08-13] (usb-audio.de)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-03-31] (IObit.com)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2016-04-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [5411584 2016-06-15] (Realtek Semiconductor Corporation                           )
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-08 16:48 - 2016-07-08 16:48 - 00023163 _____ C:\Users\jayov_000\Desktop\FRST.txt
2016-07-08 16:47 - 2016-07-08 16:47 - 02390016 _____ (Farbar) C:\Users\jayov_000\Desktop\FRST64.exe
2016-07-08 16:46 - 2016-07-08 16:47 - 03712064 _____ C:\Users\jayov_000\Desktop\AdwCleaner.exe
2016-07-08 16:34 - 2016-07-08 16:39 - 00000278 _____ C:\Users\jayov_000\Desktop\New Text Document (4).txt
2016-07-08 16:33 - 2016-07-08 16:33 - 00002874 _____ C:\windows\System32\Tasks\Driver Booster SkipUAC (jayov_000)
2016-07-08 15:17 - 2016-07-08 15:18 - 00000000 ____D C:\Users\jayov_000\AppData\Local\MetaGeek,_LLC
2016-07-08 15:16 - 2016-07-08 15:16 - 00002535 _____ C:\Users\Public\Desktop\inSSIDer Home.lnk
2016-07-08 15:16 - 2016-07-08 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
2016-07-08 15:16 - 2016-07-08 15:16 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2016-07-08 14:41 - 2016-07-08 14:43 - 04767744 _____ C:\Users\jayov_000\Downloads\inSSIDer-installer.msi
2016-07-08 14:41 - 2016-07-08 14:43 - 04767744 _____ C:\Users\jayov_000\Downloads\inSSIDer-installer (1).msi
2016-07-07 04:33 - 2016-07-07 21:34 - 00000358 _____ C:\windows\Tasks\HPCeeScheduleForjayov_000.job
2016-07-07 04:33 - 2016-07-07 04:33 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForjayov_000
2016-07-03 03:40 - 2016-07-03 03:41 - 00000296 _____ C:\windows\Tasks\Uninstaller_SkipUac_jayov_000.job
2016-07-03 03:40 - 2016-07-03 03:40 - 00002404 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_jayov_000
2016-06-29 23:03 - 2016-07-08 14:36 - 00000000 ____D C:\windows\LastGood
2016-06-29 23:03 - 2016-06-29 23:03 - 00001899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control Panel.lnk
2016-06-29 15:54 - 2016-06-29 15:54 - 00000000 ____D C:\windows\LastGood.Tmp
2016-06-28 18:06 - 2016-06-28 18:06 - 00002028 _____ C:\Users\Public\Desktop\EZdrummer.lnk
2016-06-27 21:33 - 2016-06-27 21:33 - 00001170 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-06-27 21:33 - 2016-06-27 21:33 - 00000000 ____D C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-06-27 21:33 - 2016-06-21 00:02 - 00370768 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys
2016-06-27 17:19 - 2016-06-29 16:25 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-06-27 17:19 - 2016-06-27 17:21 - 00000000 ____D C:\Users\jayov_000\AppData\Local\Innovative Solutions
2016-06-27 17:19 - 2016-06-27 17:19 - 19316456 _____ (Innovative Solutions ) C:\Users\jayov_000\Downloads\Advanced_Uninstaller11.exe
2016-06-27 17:18 - 2016-06-27 17:18 - 00027828 _____ C:\Users\jayov_000\Downloads\Addition.txt
2016-06-27 17:17 - 2016-07-08 16:47 - 00000000 ____D C:\FRST
2016-06-27 17:17 - 2016-06-27 17:18 - 00063806 _____ C:\Users\jayov_000\Downloads\FRST.txt
2016-06-27 17:16 - 2016-06-27 17:17 - 02193920 _____ (Farbar) C:\Users\jayov_000\Downloads\FRST64.exe
2016-06-27 10:31 - 2016-06-27 11:12 - 00002014 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-06-27 10:31 - 2016-06-27 10:31 - 00000000 ____D C:\ProgramData\Visan
2016-06-27 10:31 - 2016-06-27 10:31 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-06-27 10:31 - 2016-06-27 10:31 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-06-27 10:30 - 2016-07-04 10:45 - 00000000 ____D C:\Users\jayov_000\AppData\Roaming\HpUpdate
2016-06-27 10:30 - 2016-06-27 11:12 - 00002289 _____ C:\Users\Public\Desktop\HP OfficeJet 3830 series.lnk
2016-06-27 10:30 - 2016-06-27 11:12 - 00001210 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet 3830 series.lnk
2016-06-27 10:30 - 2016-06-27 10:30 - 00003600 _____ C:\windows\System32\Tasks\HPCustParticipation HP OfficeJet 3830 series
2016-06-27 10:30 - 2015-03-09 14:44 - 00807432 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPME511.dll
2016-06-27 10:29 - 2016-06-27 10:30 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-27 10:29 - 2016-06-27 10:29 - 00000000 ____D C:\Program Files\HP
2016-06-27 10:28 - 2016-06-27 10:28 - 00000057 _____ C:\ProgramData\Ament.ini
2016-06-27 10:20 - 2016-06-27 10:29 - 00000000 ____D C:\ProgramData\HP
2016-06-27 10:09 - 2016-06-14 13:13 - 00828408 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-27 10:09 - 2016-06-14 13:13 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-27 03:10 - 2016-06-27 03:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2016-06-27 03:08 - 2016-06-28 00:21 - 00000000 ____D C:\Users\jayov_000\Documents\Spark Library
2016-06-27 03:07 - 2016-06-27 03:07 - 00000000 ____D C:\Program Files (x86)\Arturia
2016-06-27 02:44 - 2016-07-08 16:30 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 02:44 - 2016-06-27 11:12 - 00001127 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-27 02:44 - 2016-06-27 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-27 02:44 - 2016-06-27 02:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-27 02:44 - 2016-06-27 02:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-27 02:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-06-27 02:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-06-27 02:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-06-27 02:43 - 2016-06-27 02:43 - 22851472 _____ (Malwarebytes ) C:\Users\jayov_000\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-27 02:09 - 2016-06-27 11:12 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-27 02:09 - 2016-06-27 11:12 - 00000874 _____ C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-27 02:08 - 2016-06-27 11:12 - 00001165 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-26 16:27 - 2016-06-26 16:27 - 18825216 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 15158272 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 14467584 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 12879872 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 07446360 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-06-26 16:27 - 2016-06-26 16:27 - 01134776 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00987136 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00927744 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00881152 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00840704 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00800768 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00754176 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00737280 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00696832 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00551256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2016-06-26 16:27 - 2016-06-26 16:27 - 00543232 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2016-06-26 16:27 - 2016-06-26 16:27 - 00348672 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00322048 _____ (Microsoft Corporation) C:\windows\system32\fvecpl.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00306176 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Geolocation.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00281088 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Geolocation.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiswan.sys
2016-06-26 16:27 - 2016-06-26 16:27 - 00125440 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00114528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys
2016-06-26 16:27 - 2016-06-26 16:27 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\BdeHdCfgLib.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\wfapigp.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00020480 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfapigp.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\httpprxp.dll
2016-06-26 14:56 - 2016-06-26 14:56 - 00000000 ____D C:\windows\CpuEssentials
2016-06-26 14:54 - 2016-06-27 22:29 - 00000000 ____D C:\Program Files (x86)\elansurfer
2016-06-26 14:54 - 2016-06-27 17:27 - 00000000 ____D C:\windows\SysWOW64\CpuHeatMapping
2016-06-26 14:54 - 2016-06-27 10:59 - 00000000 ____D C:\Users\jayov_000\AppData\Roaming\Jywsei
2016-06-26 14:54 - 2016-06-27 10:45 - 00000000 ____D C:\Users\jayov_000\AppData\LocalLow\Company
2016-06-26 14:54 - 2016-06-26 14:54 - 00000000 __SHD C:\windows\system32\%APPDATA%
2016-06-26 14:54 - 2016-06-26 14:54 - 00000000 ____D C:\Users\jayov_000\AppData\Local\Tempfolder
2016-06-26 14:54 - 2016-06-26 14:54 - 00000000 ____D C:\uninst
2016-06-26 14:50 - 2016-06-26 14:47 - 00001036 _____ C:\windows\system32\Drivers\etc\hp.bak
2016-06-26 14:47 - 2016-06-27 10:45 - 00000000 ____D C:\ProgramData\38ef31ff
2016-06-26 14:47 - 2016-06-26 14:47 - 00003736 _____ C:\windows\System32\Tasks\{CDC74FCF-FA19-298F-3E5C-FDFAC0906558}
2016-06-26 14:47 - 2016-06-21 00:50 - 00304223 _____ ( ) C:\windows\AdBlock.exe
2016-06-25 22:59 - 2016-06-25 22:59 - 08207852 _____ C:\Users\jayov_000\Downloads\Cubixv1.2.zip
2016-06-25 22:59 - 2016-06-25 22:59 - 00000000 ____D C:\Users\jayov_000\Downloads\Cubixv1.2
2016-06-25 22:54 - 2016-06-25 22:54 - 00000000 ____D C:\Users\jayov_000\Downloads\TS-808
2016-06-25 22:53 - 2016-06-25 22:53 - 03616629 _____ C:\Users\jayov_000\Downloads\TS-808.zip
2016-06-24 23:23 - 2016-06-24 23:23 - 00000000 ____D C:\Users\jayov_000\Downloads\GLS
2016-06-24 23:22 - 2016-06-24 23:22 - 01361259 _____ C:\Users\jayov_000\Downloads\GLS.zip
2016-06-24 23:21 - 2016-06-24 23:21 - 02640896 _____ C:\Users\jayov_000\Downloads\Vocal Remover.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 02975760 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\rootpacommon.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 01804704 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00277232 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\Drivers\amdpsp.sys
2016-06-23 21:23 - 2016-06-23 21:23 - 00129040 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\tbaseregistry64.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00108560 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\tbaseregistry32.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00106512 _____ (AMD) C:\windows\system32\pspcoins.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00101104 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\Drivers\amdkmcsp.sys
2016-06-23 21:23 - 2016-06-23 21:23 - 00091672 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdumcsp.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00071192 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdumcsp.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00054800 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\tbaseprovisioning.exe
2016-06-23 21:23 - 2016-06-23 21:23 - 00025104 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\t-base_client_api.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00021008 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\t-base_client_api.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00001375 _____ C:\windows\SysWOW64\tbaseprovisioning.exe.config
2016-06-23 21:21 - 2016-06-23 21:21 - 00936192 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys
2016-06-23 21:21 - 2016-06-23 21:21 - 00082544 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2016-06-23 21:17 - 2016-06-23 21:17 - 00103424 _____ (Advanced Micro Devices) C:\windows\system32\DelayAPO.dll
2016-06-23 21:17 - 2016-06-23 21:17 - 00101376 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\AtihdWB6.sys
2016-06-23 21:15 - 2016-06-23 21:15 - 00000000 ____D C:\windows\IObit
2016-06-15 13:47 - 2016-06-15 13:47 - 05411584 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys
2016-06-15 13:37 - 2016-06-15 13:37 - 00012928 _____ C:\windows\system32\Drivers\rtldata.dat
2016-06-14 13:48 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-06-14 13:48 - 2016-06-03 09:38 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-06-14 13:48 - 2016-06-02 13:51 - 00050352 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-06-14 13:48 - 2016-05-29 11:04 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-06-14 13:48 - 2016-05-16 17:13 - 00563016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-14 13:48 - 2016-05-16 17:13 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-14 13:48 - 2016-05-16 17:13 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-14 13:48 - 2016-05-16 17:13 - 00178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-14 13:48 - 2016-05-13 19:09 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-14 13:48 - 2016-05-13 19:07 - 00675328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-14 13:48 - 2016-05-13 19:07 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-14 13:48 - 2016-05-13 19:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-14 13:48 - 2016-05-13 18:34 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-14 13:48 - 2016-05-13 17:58 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-14 13:48 - 2016-05-09 17:35 - 07075328 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2016-06-14 13:48 - 2016-05-09 16:56 - 05270016 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2016-06-14 13:48 - 2016-05-09 16:45 - 07793152 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-06-14 13:48 - 2016-05-09 16:23 - 05265920 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 13:48 - 2016-05-06 11:45 - 00748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-14 13:48 - 2016-05-06 11:23 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-14 13:46 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-14 13:46 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-14 13:46 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-14 13:46 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-14 13:46 - 2016-05-12 14:38 - 00135336 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-14 13:46 - 2016-05-12 13:43 - 00115704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-14 13:46 - 2016-05-12 12:17 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-14 13:46 - 2016-05-12 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-14 13:46 - 2016-05-12 12:07 - 01360896 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-14 13:46 - 2016-05-12 11:59 - 00398848 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-14 13:46 - 2016-05-12 11:43 - 00291328 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-14 13:46 - 2016-05-12 11:37 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 13:46 - 2016-04-14 11:25 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-14 13:46 - 2016-04-14 11:11 - 02464768 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-14 13:45 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-14 13:45 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-14 13:45 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-14 13:45 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-14 13:45 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-14 13:45 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-14 13:45 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-14 13:45 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-14 13:45 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-14 13:45 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-14 13:45 - 2016-05-20 17:25 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-06-14 13:45 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-14 13:45 - 2016-05-20 17:21 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-06-14 13:45 - 2016-05-20 17:19 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-06-14 13:45 - 2016-05-20 17:16 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-06-14 13:45 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-14 13:45 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-14 13:45 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-14 13:45 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-14 13:45 - 2016-05-20 17:09 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-14 13:45 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-14 13:45 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-14 13:45 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-14 13:45 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-14 13:45 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-14 13:45 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-14 13:45 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-14 13:45 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-14 13:45 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-14 13:45 - 2016-05-18 19:15 - 01379040 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-14 13:45 - 2016-05-18 16:35 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-14 13:45 - 2016-05-14 16:01 - 00363104 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-14 13:45 - 2016-05-14 16:01 - 00320720 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-14 13:45 - 2016-05-13 19:07 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-14 13:45 - 2016-05-13 17:58 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-14 13:45 - 2016-05-13 17:45 - 00802816 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-14 13:45 - 2016-05-13 17:35 - 00286208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-14 13:45 - 2016-05-13 17:26 - 00631808 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-08 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2016-07-08 16:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2016-07-08 16:35 - 2015-04-29 17:08 - 00003592 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-163670896-107507206-120751362-1001
2016-07-08 16:31 - 2016-03-10 15:11 - 00000000 ____D C:\ProgramData\ProductData
2016-07-08 16:31 - 2015-04-29 17:08 - 00000000 __RDO C:\Users\jayov_000\OneDrive
2016-07-08 16:30 - 2015-04-30 13:04 - 00000000 ____D C:\Users\jayov_000\AppData\LocalLow\360WD
2016-07-08 16:30 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-08 16:29 - 2014-12-04 12:13 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-07-08 15:52 - 2013-08-22 10:45 - 00000000 ____D C:\windows\Setup
2016-07-08 15:52 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-08 15:35 - 2015-04-29 17:08 - 00003782 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{EFF83FBD-E3BD-4B05-9214-4F3F3362538E}
2016-07-08 14:36 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-07-08 02:00 - 2015-05-01 18:42 - 00000000 ____D C:\Users\jayov_000\AppData\Local\Adobe
2016-07-07 18:21 - 2016-02-27 22:51 - 00000000 ____D C:\Users\jayov_000\AppData\Local\ElevatedDiagnostics
2016-07-07 13:35 - 2015-04-29 23:58 - 00000000 ____D C:\Users\jayov_000\AppData\Roaming\uTorrent
2016-07-06 16:38 - 2015-05-05 02:18 - 00000000 ____D C:\Users\jayov_000\AppData\Local\CrashDumps
2016-07-03 20:24 - 2014-12-04 12:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-03 03:39 - 2015-05-17 23:52 - 05129688 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-30 03:48 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-29 23:03 - 2014-12-04 12:12 - 00000000 ____D C:\windows\SysWOW64\RTCOM
2016-06-29 22:11 - 2016-03-10 15:10 - 00000256 _____ C:\windows\Tasks\ASC9_SkipUac_jayov_000.job
2016-06-29 16:21 - 2014-03-18 05:53 - 00891984 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-29 16:09 - 2015-04-29 17:00 - 00000000 ____D C:\Users\jayov_000
2016-06-29 15:42 - 2015-04-30 13:04 - 00000000 _RSHD C:\360SANDBOX
2016-06-29 15:33 - 2016-03-10 15:10 - 00002275 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-06-28 18:06 - 2016-02-26 15:56 - 00000000 ____D C:\ProgramData\Toontrack
2016-06-28 18:06 - 2016-02-26 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
2016-06-28 18:05 - 2016-02-26 15:56 - 00000000 ____D C:\Program Files (x86)\Toontrack
2016-06-27 21:33 - 2015-04-30 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-06-27 17:19 - 2015-05-01 20:27 - 00000000 __SHD C:\ProgramData\360Quarant
2016-06-27 17:19 - 2015-05-01 20:27 - 00000000 __SHD C:\$360Section
2016-06-27 16:57 - 2016-04-21 14:04 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-06-27 16:57 - 2016-04-21 14:04 - 00000000 ___SD C:\windows\system32\GWX
2016-06-27 16:57 - 2015-05-05 02:01 - 00000000 ____D C:\windows\system32\appraiser
2016-06-27 16:57 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2016-06-27 11:12 - 2016-04-15 08:28 - 00002346 _____ C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-06-27 11:12 - 2016-03-18 09:50 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-27 11:12 - 2016-03-18 09:50 - 00002025 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-06-27 11:12 - 2016-03-10 15:11 - 00001373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-06-27 11:12 - 2016-03-10 15:11 - 00001367 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-06-27 11:12 - 2016-02-28 22:42 - 00001076 _____ C:\Users\Public\Desktop\DriverToolkit.lnk
2016-06-27 11:12 - 2016-02-26 20:24 - 00001076 _____ C:\Users\Public\Desktop\Service Center.lnk
2016-06-27 11:12 - 2016-02-26 15:56 - 00001974 _____ C:\Users\Public\Desktop\EZmix.lnk
2016-06-27 11:12 - 2015-12-08 19:38 - 00000972 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-27 11:12 - 2015-06-25 15:02 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2016-06-27 11:12 - 2015-04-29 17:02 - 00002062 _____ C:\Users\Public\Desktop\Get Dropbox Offer.lnk
2016-06-27 11:12 - 2015-04-29 17:02 - 00001306 _____ C:\Users\Public\Desktop\TripAdvisor.lnk
2016-06-27 11:12 - 2014-12-04 13:00 - 00001391 _____ C:\Users\Public\Desktop\HP Quick Access to Miracast.lnk
2016-06-27 11:12 - 2014-12-04 12:56 - 00002517 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-06-27 11:12 - 2014-12-04 12:50 - 00002524 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2016-06-27 11:12 - 2014-12-04 12:50 - 00002514 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2016-06-27 11:11 - 2016-03-26 21:18 - 00001006 _____ C:\Users\jayov_000\Desktop\SABnzbd.lnk
2016-06-27 11:11 - 2016-03-18 09:50 - 00002068 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-06-27 11:11 - 2016-03-10 15:11 - 00002163 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-06-27 11:11 - 2016-02-26 20:24 - 00001111 _____ C:\Users\Public\Desktop\Controller Editor.lnk
2016-06-27 11:11 - 2016-02-26 20:18 - 00001022 _____ C:\Users\jayov_000\Desktop\AnyToISO.lnk
2016-06-27 11:11 - 2016-02-14 23:11 - 00001165 _____ C:\Users\jayov_000\Desktop\FL Studio 10.lnk
2016-06-27 11:11 - 2016-02-14 23:11 - 00001153 _____ C:\Users\jayov_000\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2016-06-27 11:11 - 2016-01-15 10:45 - 00001284 _____ C:\Users\jayov_000\Desktop\PlayMaker Football.lnk
2016-06-27 11:11 - 2015-12-05 15:06 - 00001078 _____ C:\Users\jayov_000\Desktop\minetest.lnk
2016-06-27 11:11 - 2015-11-13 21:01 - 00002246 _____ C:\Users\jayov_000\Desktop\HP Support Assistant.lnk
2016-06-27 11:11 - 2015-05-05 16:14 - 00000988 _____ C:\Users\jayov_000\Desktop\scrapebox.lnk
2016-06-27 11:11 - 2015-04-29 23:58 - 00000905 _____ C:\Users\jayov_000\Desktop\µTorrent.lnk
2016-06-27 11:11 - 2015-04-29 23:58 - 00000885 _____ C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-06-27 11:11 - 2014-12-04 12:58 - 00002044 _____ C:\Users\Public\Desktop\Connected Photo.lnk
2016-06-27 11:11 - 2014-12-04 12:57 - 00002070 _____ C:\Users\Public\Desktop\Connected Music.lnk
2016-06-27 11:11 - 2014-12-04 12:49 - 00002064 _____ C:\Users\Public\Desktop\Connected Drive.lnk
2016-06-27 10:59 - 2016-04-21 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBP - Facebook Blaster Pro
2016-06-27 10:59 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Vss
2016-06-27 10:45 - 2016-04-21 22:19 - 00000000 ____D C:\Program Files (x86)\FBP - Facebook Blaster Pro
2016-06-27 10:35 - 2015-11-09 02:22 - 00000000 ____D C:\Users\jayov_000\AppData\Local\HP
2016-06-27 10:31 - 2014-12-04 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-27 10:28 - 2016-02-26 20:26 - 00000000 __HDC C:\ProgramData\{1CEDDDD4-56D2-463F-BC4E-C5DFFD3533C9}
2016-06-27 10:15 - 2015-11-09 02:27 - 00020992 ___SH C:\Users\jayov_000\Desktop\Thumbs.db
2016-06-27 10:04 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2016-06-27 03:07 - 2016-03-02 20:17 - 00000000 ____D C:\Program Files\Steinberg
2016-06-27 02:13 - 2016-02-14 23:09 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-06-27 02:09 - 2015-12-05 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manic Digger
2016-06-26 15:21 - 2014-12-04 12:15 - 03206666 _____ C:\windows\SysWOW64\rootpa.e2e
2016-06-23 21:15 - 2016-03-10 15:11 - 00003242 _____ C:\windows\System32\Tasks\Driver Booster Scheduler
2016-06-23 21:15 - 2016-03-10 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-06-23 19:39 - 2015-06-10 11:44 - 00000000 ____D C:\windows\system32\MRT
2016-06-23 19:34 - 2015-04-30 14:50 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-21 00:02 - 2015-04-30 13:04 - 00330472 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2016-06-21 00:02 - 2015-04-30 13:04 - 00182352 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2016-06-21 00:02 - 2015-04-30 13:04 - 00151784 _____ (360.cn) C:\windows\system32\Drivers\360AntiHacker64.sys
2016-06-19 05:52 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-19 05:50 - 2014-12-04 12:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-08 21:57 - 2015-10-05 11:41 - 00000000 ____D C:\Users\jayov_000\Downloads\wp-themes
 
==================== Files in the root of some directories =======
 
2016-04-23 01:10 - 2016-04-23 01:10 - 0000088 _____ () C:\Users\jayov_000\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-04-23 01:10 - 2016-04-23 01:19 - 0000236 _____ () C:\Users\jayov_000\AppData\Roaming\RO39-2M3Q
2016-04-25 08:12 - 2016-04-25 08:12 - 0000492 _____ () C:\Users\jayov_000\AppData\Roaming\scrapebox.regdata
2015-05-02 11:22 - 2016-04-25 12:19 - 0001456 _____ () C:\Users\jayov_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-18 22:31 - 2016-03-18 22:35 - 0000185 _____ () C:\Users\jayov_000\AppData\Local\TSE AUDIOTSE_X50.xml
2016-06-27 10:28 - 2016-06-27 10:28 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\jayov_000\AppData\Local\Temp\update160627.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2016-04-21 14:32] - [2016-04-21 14:32] - 0657920 ____A (Microsoft Corporation) 305703A6FD82F00C5D8B35A0307406C2
 
C:\windows\SysWOW64\dnsapi.dll
[2016-04-21 14:32] - [2016-04-21 14:32] - 0498688 ____A (Microsoft Corporation) 9D1C0D06C0259DB99299CF34C810E12B
 
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-04 04:46
 
==================== End of FRST.txt ============================
 
I also found a registry entry under Tcpip/Parameters/Interfaces.
 
It reads as follows...
 

Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DD27B378-D54A-4529-AF6D-A53AC62B0686}
Class Name:        <NO CLASS>
Last Write Time:   6/27/2016 - 11:23 AM
Value 0
  Name:            UseZeroBroadcast
  Type:            REG_DWORD
  Data:            0
 
Value 1
  Name:            EnableDeadGWDetect
  Type:            REG_DWORD
  Data:            0x1
 
Value 2
  Name:            EnableDHCP
  Type:            REG_DWORD
  Data:            0x1
 
Value 3
  Name:            NameServer
  Type:            REG_SZ
  Data:            168.95.1.1
 
Value 4
  Name:            Domain
  Type:            REG_SZ
  Data:            
 
Value 5
  Name:            RegistrationEnabled
  Type:            REG_DWORD
  Data:            0x1
 
Value 6
  Name:            RegisterAdapterName
  Type:            REG_DWORD
  Data:            0
 
Value 7
  Name:            DhcpIPAddress
  Type:            REG_SZ
  Data:            20.1.14.246
 
Value 8
  Name:            DhcpSubnetMask
  Type:            REG_SZ
  Data:            255.255.224.0
 
Value 9
  Name:            DhcpServer
  Type:            REG_SZ
  Data:            20.1.0.5
 
Value 10
  Name:            Lease
  Type:            REG_DWORD
  Data:            0x12c
 
Value 11
  Name:            LeaseObtainedTime
  Type:            REG_DWORD
  Data:            0x54ee2c50
 
Value 12
  Name:            T1
  Type:            REG_DWORD
  Data:            0x54ee2ce6
 
Value 13
  Name:            T2
  Type:            REG_DWORD
  Data:            0x54ee2d56
 
Value 14
  Name:            LeaseTerminatesTime
  Type:            REG_DWORD
  Data:            0x54ee2d7c
 
Value 15
  Name:            AddressType
  Type:            REG_DWORD
  Data:            0
 
Value 16
  Name:            IsServerNapAware
  Type:            REG_DWORD
  Data:            0
 
Value 17
  Name:            DhcpConnForceBroadcastFlag
  Type:            REG_DWORD
  Data:            0
 
Value 18
  Name:            DhcpDomain
  Type:            REG_SZ
  Data:            sgt.automation.net
 
Value 19
  Name:            DhcpSubnetMaskOpt
  Type:            REG_MULTI_SZ
  Data:            255.255.224.0
 
Value 20
  Name:            DhcpInterfaceOptions
  Type:            REG_BINARY
  Data:            
 
Value 21
  Name:            DHCPNameServer
  Type:            REG_SZ
  Data:            168.95.1.1
 
Value 22
  Name:            NameServer_bak
  Type:            REG_SZ
  Data:            |168.95.1.1
 
Value 23
  Name:            DhcpNameServer_bak
  Type:            REG_SZ
  Data:            82.163.143.171|168.95.1.1
 
I checked my DNS servers and they are reading the correct ones...
 
I'm at a loss. When I have a connection, it's no greater than 2 Mbps. Usual speed test is at about 40 Mbps.
 
Any help would be greatly appreciated...

 

 

I wanted to add that I also ran this bat...

 

@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhosts>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
cls
echo script finished.
pause
del %0

Edited by jayoverhol, 08 July 2016 - 08:50 PM.



 


#2 mAL_rEm018

  • Malware Response Team
  • 311 posts
  • Gender:Male
  • Local time:12:51 PM

Posted 09 July 2016 - 03:11 PM

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello jayoverhol,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

While I review the log you provided, please do the following:


  • Please rerun FRST as you did before, make sure to check the Addition.txt box before clicking Scan.  Once the scan is over, a window entitled "Addition.txt" will open.  Please post the contents of Addition.txt in your next reply.



-----------------------------------------
In your next reply, I would like to see..

  • Addition.txt

Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team

Posted 13 July 2016 - 01:43 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.






