*moderator edit: moved from Web Browsing/Email and Other Internet Applications to Malware Removal Logs. FRST logs are allowed only in MRL forum. It is worth a look by a Malware Removal Team member to see if you did remove all malware. ~ Queen-Evie*
I accidentally clicked on a setup file I should not have and it caused a lot of problems. It installed many malware programs. I believe I have successfully removed all of it but my internet connection keeps going up and down and sometimes it shows as "limited".
Also, ever since this happened, a new wireless network is available called "Hidden Network". Don't know what it is or if it's even related to this problem.
Here's what I've done so far...
I downloaded Malwarebytes, scanned and deleted several items. One thing I had to do manually because it did not detect it. It was running in my temp files and would instantly close any window I tried to open.
I also have IObit Malware Fighter and 360 Total Security installed. I have disabled all of them thinking maybe one of them was responsible.
I also hooked up a USB Wi-Fi adapter and had the exact same problem with it. I would keep getting the same "DNS" error.
I then ran FRST. Here's the FRST.txt file readout....
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by jayov_000 (administrator) on MAIN (08-07-2016 16:48:14)
Running from C:\Users\jayov_000\Desktop
Loaded Profiles: jayov_000 (Available Profiles: jayov_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\windows\System32\GWX\GWX.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8849152 2016-04-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2016-06-21] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5890848 2016-04-26] (IObit)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-08] (Valve Corporation)
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\MountPoints2: {03cccf1f-049b-11e5-8261-64510659ffa0} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\MountPoints2: {1482c209-dcd7-11e5-827d-64510659ffa0} - "G:\setup.exe"
HKU\S-1-5-21-163670896-107507206-120751362-1001\...\MountPoints2: {1fc023b1-86ab-11e5-8271-64510659ffa0} - "H:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [WinResSync] => C:\windows\system32\regsvr32.exe /s "C:\Users\jayov_000\AppData\Roaming\Microsoft\Protect\65555_65555_2444_0_b3dcc.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\windows\system32\regsvr32.exe /s "C:\Users\jayov_000\AppData\Roaming\Microsoft\Protect\65555_65555_2444_0_b3dcc.rs"
Startup: C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP OfficeJet 3830 series.lnk [2016-07-08]
ShortcutTarget: Monitor Ink Alerts - HP OfficeJet 3830 series.lnk -> C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-06-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2549F1B2-0D36-4A8B-BA80-1581CF8BA596}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DA231394-DB4E-4E3B-903F-25D5E4FDF6A3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{DD27B378-D54A-4529-AF6D-A53AC62B0686}: [NameServer] 168.95.1.1
Tcpip\..\Interfaces\{DD27B378-D54A-4529-AF6D-A53AC62B0686}: [DhcpNameServer] 168.95.1.1
ManualProxies:
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-163670896-107507206-120751362-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-163670896-107507206-120751362-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-163670896-107507206-120751362-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-163670896-107507206-120751362-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {6E249E78-EAE1-412A-A55E-1F722A3C37D2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {6E249E78-EAE1-412A-A55E-1F722A3C37D2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-163670896-107507206-120751362-1001 -> {6E249E78-EAE1-412A-A55E-1F722A3C37D2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll => No File
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-06-21] (Qihu 360 Software Co., Ltd.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MCC73A2B0-1DA7-4323-9DCE-0E910D9ACBEF&SearchSource=55&CUI=&UM=8&UP=SPBFF8A648-4776-492F-AEAA-B02807798FEE&D=062616&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MCC73A2B0-1DA7-4323-9DCE-0E910D9ACBEF&SearchSource=55&CUI=&UM=8&UP=SPBFF8A648-4776-492F-AEAA-B02807798FEE&D=062616&SSPV=","hxxp://mysearch.avg.com/?cid={0B8C4DBC-B714-4E6A-88E2-987FE3A3B3B8}&mid=e1b987b93dae459e86d06d825136cbb9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=oc011&pr=sa&d=2013-08-31%2022:05:25&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com/?cid={0B8C4DBC-B714-4E6A-88E2-987FE3A3B3B8}&mid=e1b987b93dae459e86d06d825136cbb9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=oc011&pr=sa&d=2013-08-31%2022:05:25&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com/?cid={0B8C4DBC-B714-4E6A-88E2-987FE3A3B3B8}&mid=e1b987b93dae459e86d06d825136cbb9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=oc011&pr=sa&d=2013-08-31%2022:05:25&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com/?cid={0B8C4DBC-B714-4E6A-88E2-987FE3A3B3B8}&mid=e1b987b93dae459e86d06d825136cbb9-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=oc011&pr=sa&d=2013-08-31%2022:05:25&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MCC73A2B0-1DA7-4323-9DCE-0E910D9ACBEF&SearchSource=55&CUI=&UM=8&UP=SPBFF8A648-4776-492F-AEAA-B02807798FEE&D=062616&SSPV="
CHR Profile: C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (ColorZilla) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-07-10]
CHR Extension: (YouTube) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Cookies Button) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbhnmbolemgkcaglljmkkpcdelmbage [2015-04-29]
CHR Extension: (Google Search) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Google Sheets) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Click&Clean) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-06-27]
CHR Extension: (AdBlock) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-07]
CHR Extension: (Unlimited Free VPN - Betternet) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-04-24]
CHR Extension: (Incognito This!) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icnaplnkjfjncegmphmlfpggildllbho [2015-12-25]
CHR Extension: (Online and download your movie! [FE]) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmkidjmdndemnaedpemmbgokmppefgl [2015-04-29]
CHR Extension: (RoboForm Lite Password Manager) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj [2015-04-29]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-05-15]
CHR Extension: (Download Master) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2016-04-10]
CHR Extension: (AVG Secure Search) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Click&Clean App) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-06-04]
CHR Extension: (Gmail) - C:\Users\jayov_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1580320 2016-04-22] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-21] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [913832 2016-06-21] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-21] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [54800 2016-06-23] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-06-21] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-11-20] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2015-11-20] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-06-21] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-03-03] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-06-21] (360.cn)
S3 A5AGU; C:\Windows\system32\DRIVERS\AGUx64.sys [1077760 2008-08-06] (D-Link Corporation)
S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [101104 2016-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-06-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [277232 2016-06-23] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [101376 2016-06-23] (Advanced Micro Devices)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-06-21] (360.cn)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-03-10] (REALiX)
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-03-31] (IObit)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
U5 pgusbwdm; C:\Windows\System32\Drivers\pgusbwdm.sys [466496 2010-08-13] (usb-audio.de)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-03-31] (IObit.com)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2016-04-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [5411584 2016-06-15] (Realtek Semiconductor Corporation )
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-08 16:48 - 2016-07-08 16:48 - 00023163 _____ C:\Users\jayov_000\Desktop\FRST.txt
2016-07-08 16:47 - 2016-07-08 16:47 - 02390016 _____ (Farbar) C:\Users\jayov_000\Desktop\FRST64.exe
2016-07-08 16:46 - 2016-07-08 16:47 - 03712064 _____ C:\Users\jayov_000\Desktop\AdwCleaner.exe
2016-07-08 16:34 - 2016-07-08 16:39 - 00000278 _____ C:\Users\jayov_000\Desktop\New Text Document (4).txt
2016-07-08 16:33 - 2016-07-08 16:33 - 00002874 _____ C:\windows\System32\Tasks\Driver Booster SkipUAC (jayov_000)
2016-07-08 15:17 - 2016-07-08 15:18 - 00000000 ____D C:\Users\jayov_000\AppData\Local\MetaGeek,_LLC
2016-07-08 15:16 - 2016-07-08 15:16 - 00002535 _____ C:\Users\Public\Desktop\inSSIDer Home.lnk
2016-07-08 15:16 - 2016-07-08 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
2016-07-08 15:16 - 2016-07-08 15:16 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2016-07-08 14:41 - 2016-07-08 14:43 - 04767744 _____ C:\Users\jayov_000\Downloads\inSSIDer-installer.msi
2016-07-08 14:41 - 2016-07-08 14:43 - 04767744 _____ C:\Users\jayov_000\Downloads\inSSIDer-installer (1).msi
2016-07-07 04:33 - 2016-07-07 21:34 - 00000358 _____ C:\windows\Tasks\HPCeeScheduleForjayov_000.job
2016-07-07 04:33 - 2016-07-07 04:33 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForjayov_000
2016-07-03 03:40 - 2016-07-03 03:41 - 00000296 _____ C:\windows\Tasks\Uninstaller_SkipUac_jayov_000.job
2016-07-03 03:40 - 2016-07-03 03:40 - 00002404 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_jayov_000
2016-06-29 23:03 - 2016-07-08 14:36 - 00000000 ____D C:\windows\LastGood
2016-06-29 23:03 - 2016-06-29 23:03 - 00001899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control Panel.lnk
2016-06-29 15:54 - 2016-06-29 15:54 - 00000000 ____D C:\windows\LastGood.Tmp
2016-06-28 18:06 - 2016-06-28 18:06 - 00002028 _____ C:\Users\Public\Desktop\EZdrummer.lnk
2016-06-27 21:33 - 2016-06-27 21:33 - 00001170 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-06-27 21:33 - 2016-06-27 21:33 - 00000000 ____D C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-06-27 21:33 - 2016-06-21 00:02 - 00370768 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys
2016-06-27 17:19 - 2016-06-29 16:25 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-06-27 17:19 - 2016-06-27 17:21 - 00000000 ____D C:\Users\jayov_000\AppData\Local\Innovative Solutions
2016-06-27 17:19 - 2016-06-27 17:19 - 19316456 _____ (Innovative Solutions ) C:\Users\jayov_000\Downloads\Advanced_Uninstaller11.exe
2016-06-27 17:18 - 2016-06-27 17:18 - 00027828 _____ C:\Users\jayov_000\Downloads\Addition.txt
2016-06-27 17:17 - 2016-07-08 16:47 - 00000000 ____D C:\FRST
2016-06-27 17:17 - 2016-06-27 17:18 - 00063806 _____ C:\Users\jayov_000\Downloads\FRST.txt
2016-06-27 17:16 - 2016-06-27 17:17 - 02193920 _____ (Farbar) C:\Users\jayov_000\Downloads\FRST64.exe
2016-06-27 10:31 - 2016-06-27 11:12 - 00002014 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-06-27 10:31 - 2016-06-27 10:31 - 00000000 ____D C:\ProgramData\Visan
2016-06-27 10:31 - 2016-06-27 10:31 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-06-27 10:31 - 2016-06-27 10:31 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-06-27 10:30 - 2016-07-04 10:45 - 00000000 ____D C:\Users\jayov_000\AppData\Roaming\HpUpdate
2016-06-27 10:30 - 2016-06-27 11:12 - 00002289 _____ C:\Users\Public\Desktop\HP OfficeJet 3830 series.lnk
2016-06-27 10:30 - 2016-06-27 11:12 - 00001210 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet 3830 series.lnk
2016-06-27 10:30 - 2016-06-27 10:30 - 00003600 _____ C:\windows\System32\Tasks\HPCustParticipation HP OfficeJet 3830 series
2016-06-27 10:30 - 2015-03-09 14:44 - 00807432 ____N (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPME511.dll
2016-06-27 10:29 - 2016-06-27 10:30 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-27 10:29 - 2016-06-27 10:29 - 00000000 ____D C:\Program Files\HP
2016-06-27 10:28 - 2016-06-27 10:28 - 00000057 _____ C:\ProgramData\Ament.ini
2016-06-27 10:20 - 2016-06-27 10:29 - 00000000 ____D C:\ProgramData\HP
2016-06-27 10:09 - 2016-06-14 13:13 - 00828408 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-27 10:09 - 2016-06-14 13:13 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-27 03:10 - 2016-06-27 03:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2016-06-27 03:08 - 2016-06-28 00:21 - 00000000 ____D C:\Users\jayov_000\Documents\Spark Library
2016-06-27 03:07 - 2016-06-27 03:07 - 00000000 ____D C:\Program Files (x86)\Arturia
2016-06-27 02:44 - 2016-07-08 16:30 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 02:44 - 2016-06-27 11:12 - 00001127 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-27 02:44 - 2016-06-27 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-27 02:44 - 2016-06-27 02:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-27 02:44 - 2016-06-27 02:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-27 02:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-06-27 02:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-06-27 02:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-06-27 02:43 - 2016-06-27 02:43 - 22851472 _____ (Malwarebytes ) C:\Users\jayov_000\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-27 02:09 - 2016-06-27 11:12 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-27 02:09 - 2016-06-27 11:12 - 00000874 _____ C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-27 02:08 - 2016-06-27 11:12 - 00001165 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-26 16:27 - 2016-06-26 16:27 - 18825216 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 15158272 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 14467584 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 12879872 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 07446360 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-06-26 16:27 - 2016-06-26 16:27 - 01134776 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00987136 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00927744 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00881152 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00840704 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00800768 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00754176 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00737280 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00696832 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00551256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2016-06-26 16:27 - 2016-06-26 16:27 - 00543232 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2016-06-26 16:27 - 2016-06-26 16:27 - 00348672 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00322048 _____ (Microsoft Corporation) C:\windows\system32\fvecpl.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00306176 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Geolocation.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00281088 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Geolocation.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiswan.sys
2016-06-26 16:27 - 2016-06-26 16:27 - 00125440 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00114528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys
2016-06-26 16:27 - 2016-06-26 16:27 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\BdeHdCfgLib.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\wfapigp.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00020480 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfapigp.dll
2016-06-26 16:27 - 2016-06-26 16:27 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\httpprxp.dll
2016-06-26 14:56 - 2016-06-26 14:56 - 00000000 ____D C:\windows\CpuEssentials
2016-06-26 14:54 - 2016-06-27 22:29 - 00000000 ____D C:\Program Files (x86)\elansurfer
2016-06-26 14:54 - 2016-06-27 17:27 - 00000000 ____D C:\windows\SysWOW64\CpuHeatMapping
2016-06-26 14:54 - 2016-06-27 10:59 - 00000000 ____D C:\Users\jayov_000\AppData\Roaming\Jywsei
2016-06-26 14:54 - 2016-06-27 10:45 - 00000000 ____D C:\Users\jayov_000\AppData\LocalLow\Company
2016-06-26 14:54 - 2016-06-26 14:54 - 00000000 __SHD C:\windows\system32\%APPDATA%
2016-06-26 14:54 - 2016-06-26 14:54 - 00000000 ____D C:\Users\jayov_000\AppData\Local\Tempfolder
2016-06-26 14:54 - 2016-06-26 14:54 - 00000000 ____D C:\uninst
2016-06-26 14:50 - 2016-06-26 14:47 - 00001036 _____ C:\windows\system32\Drivers\etc\hp.bak
2016-06-26 14:47 - 2016-06-27 10:45 - 00000000 ____D C:\ProgramData\38ef31ff
2016-06-26 14:47 - 2016-06-26 14:47 - 00003736 _____ C:\windows\System32\Tasks\{CDC74FCF-FA19-298F-3E5C-FDFAC0906558}
2016-06-26 14:47 - 2016-06-21 00:50 - 00304223 _____ ( ) C:\windows\AdBlock.exe
2016-06-25 22:59 - 2016-06-25 22:59 - 08207852 _____ C:\Users\jayov_000\Downloads\Cubixv1.2.zip
2016-06-25 22:59 - 2016-06-25 22:59 - 00000000 ____D C:\Users\jayov_000\Downloads\Cubixv1.2
2016-06-25 22:54 - 2016-06-25 22:54 - 00000000 ____D C:\Users\jayov_000\Downloads\TS-808
2016-06-25 22:53 - 2016-06-25 22:53 - 03616629 _____ C:\Users\jayov_000\Downloads\TS-808.zip
2016-06-24 23:23 - 2016-06-24 23:23 - 00000000 ____D C:\Users\jayov_000\Downloads\GLS
2016-06-24 23:22 - 2016-06-24 23:22 - 01361259 _____ C:\Users\jayov_000\Downloads\GLS.zip
2016-06-24 23:21 - 2016-06-24 23:21 - 02640896 _____ C:\Users\jayov_000\Downloads\Vocal Remover.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 02975760 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\rootpacommon.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 01804704 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00277232 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\Drivers\amdpsp.sys
2016-06-23 21:23 - 2016-06-23 21:23 - 00129040 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\tbaseregistry64.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00108560 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\tbaseregistry32.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00106512 _____ (AMD) C:\windows\system32\pspcoins.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00101104 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\Drivers\amdkmcsp.sys
2016-06-23 21:23 - 2016-06-23 21:23 - 00091672 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdumcsp.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00071192 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdumcsp.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00054800 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\tbaseprovisioning.exe
2016-06-23 21:23 - 2016-06-23 21:23 - 00025104 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\t-base_client_api.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00021008 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\t-base_client_api.dll
2016-06-23 21:23 - 2016-06-23 21:23 - 00001375 _____ C:\windows\SysWOW64\tbaseprovisioning.exe.config
2016-06-23 21:21 - 2016-06-23 21:21 - 00936192 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys
2016-06-23 21:21 - 2016-06-23 21:21 - 00082544 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2016-06-23 21:17 - 2016-06-23 21:17 - 00103424 _____ (Advanced Micro Devices) C:\windows\system32\DelayAPO.dll
2016-06-23 21:17 - 2016-06-23 21:17 - 00101376 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\AtihdWB6.sys
2016-06-23 21:15 - 2016-06-23 21:15 - 00000000 ____D C:\windows\IObit
2016-06-15 13:47 - 2016-06-15 13:47 - 05411584 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys
2016-06-15 13:37 - 2016-06-15 13:37 - 00012928 _____ C:\windows\system32\Drivers\rtldata.dat
2016-06-14 13:48 - 2016-06-03 13:11 - 00472576 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-06-14 13:48 - 2016-06-03 09:38 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-06-14 13:48 - 2016-06-02 13:51 - 00050352 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-06-14 13:48 - 2016-05-29 11:04 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-06-14 13:48 - 2016-05-29 11:04 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-06-14 13:48 - 2016-05-16 17:13 - 00563016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-14 13:48 - 2016-05-16 17:13 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-14 13:48 - 2016-05-16 17:13 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-14 13:48 - 2016-05-16 17:13 - 00178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-14 13:48 - 2016-05-13 19:09 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-14 13:48 - 2016-05-13 19:07 - 00675328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-14 13:48 - 2016-05-13 19:07 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-14 13:48 - 2016-05-13 19:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-14 13:48 - 2016-05-13 18:34 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-14 13:48 - 2016-05-13 17:58 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-14 13:48 - 2016-05-09 17:35 - 07075328 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2016-06-14 13:48 - 2016-05-09 16:56 - 05270016 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2016-06-14 13:48 - 2016-05-09 16:45 - 07793152 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-06-14 13:48 - 2016-05-09 16:23 - 05265920 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 13:48 - 2016-05-06 11:45 - 00748544 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-14 13:48 - 2016-05-06 11:23 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-14 13:46 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-14 13:46 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-14 13:46 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-14 13:46 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-14 13:46 - 2016-05-12 14:38 - 00135336 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-14 13:46 - 2016-05-12 13:43 - 00115704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-14 13:46 - 2016-05-12 12:17 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-14 13:46 - 2016-05-12 12:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-14 13:46 - 2016-05-12 12:07 - 01360896 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-14 13:46 - 2016-05-12 11:59 - 00398848 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-14 13:46 - 2016-05-12 11:43 - 00291328 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-14 13:46 - 2016-05-12 11:37 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 13:46 - 2016-04-14 11:25 - 02778624 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-14 13:46 - 2016-04-14 11:11 - 02464768 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-14 13:45 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-14 13:45 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-14 13:45 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-14 13:45 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-14 13:45 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-14 13:45 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-14 13:45 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-14 13:45 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-14 13:45 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-14 13:45 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-14 13:45 - 2016-05-20 17:25 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-06-14 13:45 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-14 13:45 - 2016-05-20 17:21 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-06-14 13:45 - 2016-05-20 17:19 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-06-14 13:45 - 2016-05-20 17:16 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-06-14 13:45 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-14 13:45 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-14 13:45 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-14 13:45 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-14 13:45 - 2016-05-20 17:09 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-14 13:45 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-14 13:45 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-14 13:45 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-14 13:45 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-14 13:45 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-14 13:45 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-14 13:45 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-14 13:45 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-14 13:45 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-14 13:45 - 2016-05-18 19:15 - 01379040 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-14 13:45 - 2016-05-18 16:35 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-14 13:45 - 2016-05-14 16:01 - 00363104 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-14 13:45 - 2016-05-14 16:01 - 00320720 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-14 13:45 - 2016-05-13 19:07 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-14 13:45 - 2016-05-13 17:58 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-14 13:45 - 2016-05-13 17:45 - 00802816 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-14 13:45 - 2016-05-13 17:35 - 00286208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-14 13:45 - 2016-05-13 17:26 - 00631808 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-08 16:44 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2016-07-08 16:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2016-07-08 16:35 - 2015-04-29 17:08 - 00003592 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-163670896-107507206-120751362-1001
2016-07-08 16:31 - 2016-03-10 15:11 - 00000000 ____D C:\ProgramData\ProductData
2016-07-08 16:31 - 2015-04-29 17:08 - 00000000 __RDO C:\Users\jayov_000\OneDrive
2016-07-08 16:30 - 2015-04-30 13:04 - 00000000 ____D C:\Users\jayov_000\AppData\LocalLow\360WD
2016-07-08 16:30 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-08 16:29 - 2014-12-04 12:13 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-07-08 15:52 - 2013-08-22 10:45 - 00000000 ____D C:\windows\Setup
2016-07-08 15:52 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-08 15:35 - 2015-04-29 17:08 - 00003782 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{EFF83FBD-E3BD-4B05-9214-4F3F3362538E}
2016-07-08 14:36 - 2013-08-22 09:36 - 00000000 ____D C:\windows\Inf
2016-07-08 02:00 - 2015-05-01 18:42 - 00000000 ____D C:\Users\jayov_000\AppData\Local\Adobe
2016-07-07 18:21 - 2016-02-27 22:51 - 00000000 ____D C:\Users\jayov_000\AppData\Local\ElevatedDiagnostics
2016-07-07 13:35 - 2015-04-29 23:58 - 00000000 ____D C:\Users\jayov_000\AppData\Roaming\uTorrent
2016-07-06 16:38 - 2015-05-05 02:18 - 00000000 ____D C:\Users\jayov_000\AppData\Local\CrashDumps
2016-07-03 20:24 - 2014-12-04 12:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-03 03:39 - 2015-05-17 23:52 - 05129688 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-30 03:48 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-29 23:03 - 2014-12-04 12:12 - 00000000 ____D C:\windows\SysWOW64\RTCOM
2016-06-29 22:11 - 2016-03-10 15:10 - 00000256 _____ C:\windows\Tasks\ASC9_SkipUac_jayov_000.job
2016-06-29 16:21 - 2014-03-18 05:53 - 00891984 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-29 16:09 - 2015-04-29 17:00 - 00000000 ____D C:\Users\jayov_000
2016-06-29 15:42 - 2015-04-30 13:04 - 00000000 _RSHD C:\360SANDBOX
2016-06-29 15:33 - 2016-03-10 15:10 - 00002275 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-06-28 18:06 - 2016-02-26 15:56 - 00000000 ____D C:\ProgramData\Toontrack
2016-06-28 18:06 - 2016-02-26 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontrack
2016-06-28 18:05 - 2016-02-26 15:56 - 00000000 ____D C:\Program Files (x86)\Toontrack
2016-06-27 21:33 - 2015-04-30 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-06-27 17:19 - 2015-05-01 20:27 - 00000000 __SHD C:\ProgramData\360Quarant
2016-06-27 17:19 - 2015-05-01 20:27 - 00000000 __SHD C:\$360Section
2016-06-27 16:57 - 2016-04-21 14:04 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-06-27 16:57 - 2016-04-21 14:04 - 00000000 ___SD C:\windows\system32\GWX
2016-06-27 16:57 - 2015-05-05 02:01 - 00000000 ____D C:\windows\system32\appraiser
2016-06-27 16:57 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2016-06-27 11:12 - 2016-04-15 08:28 - 00002346 _____ C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-06-27 11:12 - 2016-03-18 09:50 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-27 11:12 - 2016-03-18 09:50 - 00002025 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-06-27 11:12 - 2016-03-10 15:11 - 00001373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-06-27 11:12 - 2016-03-10 15:11 - 00001367 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-06-27 11:12 - 2016-02-28 22:42 - 00001076 _____ C:\Users\Public\Desktop\DriverToolkit.lnk
2016-06-27 11:12 - 2016-02-26 20:24 - 00001076 _____ C:\Users\Public\Desktop\Service Center.lnk
2016-06-27 11:12 - 2016-02-26 15:56 - 00001974 _____ C:\Users\Public\Desktop\EZmix.lnk
2016-06-27 11:12 - 2015-12-08 19:38 - 00000972 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-06-27 11:12 - 2015-10-09 12:39 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-27 11:12 - 2015-06-25 15:02 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2016-06-27 11:12 - 2015-04-29 17:02 - 00002062 _____ C:\Users\Public\Desktop\Get Dropbox Offer.lnk
2016-06-27 11:12 - 2015-04-29 17:02 - 00001306 _____ C:\Users\Public\Desktop\TripAdvisor.lnk
2016-06-27 11:12 - 2014-12-04 13:00 - 00001391 _____ C:\Users\Public\Desktop\HP Quick Access to Miracast.lnk
2016-06-27 11:12 - 2014-12-04 12:56 - 00002517 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-06-27 11:12 - 2014-12-04 12:50 - 00002524 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2016-06-27 11:12 - 2014-12-04 12:50 - 00002514 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2016-06-27 11:11 - 2016-03-26 21:18 - 00001006 _____ C:\Users\jayov_000\Desktop\SABnzbd.lnk
2016-06-27 11:11 - 2016-03-18 09:50 - 00002068 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-06-27 11:11 - 2016-03-10 15:11 - 00002163 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-06-27 11:11 - 2016-02-26 20:24 - 00001111 _____ C:\Users\Public\Desktop\Controller Editor.lnk
2016-06-27 11:11 - 2016-02-26 20:18 - 00001022 _____ C:\Users\jayov_000\Desktop\AnyToISO.lnk
2016-06-27 11:11 - 2016-02-14 23:11 - 00001165 _____ C:\Users\jayov_000\Desktop\FL Studio 10.lnk
2016-06-27 11:11 - 2016-02-14 23:11 - 00001153 _____ C:\Users\jayov_000\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2016-06-27 11:11 - 2016-01-15 10:45 - 00001284 _____ C:\Users\jayov_000\Desktop\PlayMaker Football.lnk
2016-06-27 11:11 - 2015-12-05 15:06 - 00001078 _____ C:\Users\jayov_000\Desktop\minetest.lnk
2016-06-27 11:11 - 2015-11-13 21:01 - 00002246 _____ C:\Users\jayov_000\Desktop\HP Support Assistant.lnk
2016-06-27 11:11 - 2015-05-05 16:14 - 00000988 _____ C:\Users\jayov_000\Desktop\scrapebox.lnk
2016-06-27 11:11 - 2015-04-29 23:58 - 00000905 _____ C:\Users\jayov_000\Desktop\µTorrent.lnk
2016-06-27 11:11 - 2015-04-29 23:58 - 00000885 _____ C:\Users\jayov_000\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-06-27 11:11 - 2014-12-04 12:58 - 00002044 _____ C:\Users\Public\Desktop\Connected Photo.lnk
2016-06-27 11:11 - 2014-12-04 12:57 - 00002070 _____ C:\Users\Public\Desktop\Connected Music.lnk
2016-06-27 11:11 - 2014-12-04 12:49 - 00002064 _____ C:\Users\Public\Desktop\Connected Drive.lnk
2016-06-27 10:59 - 2016-04-21 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBP - Facebook Blaster Pro
2016-06-27 10:59 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Vss
2016-06-27 10:45 - 2016-04-21 22:19 - 00000000 ____D C:\Program Files (x86)\FBP - Facebook Blaster Pro
2016-06-27 10:35 - 2015-11-09 02:22 - 00000000 ____D C:\Users\jayov_000\AppData\Local\HP
2016-06-27 10:31 - 2014-12-04 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-27 10:28 - 2016-02-26 20:26 - 00000000 __HDC C:\ProgramData\{1CEDDDD4-56D2-463F-BC4E-C5DFFD3533C9}
2016-06-27 10:15 - 2015-11-09 02:27 - 00020992 ___SH C:\Users\jayov_000\Desktop\Thumbs.db
2016-06-27 10:04 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2016-06-27 03:07 - 2016-03-02 20:17 - 00000000 ____D C:\Program Files\Steinberg
2016-06-27 02:13 - 2016-02-14 23:09 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-06-27 02:09 - 2015-12-05 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manic Digger
2016-06-26 15:21 - 2014-12-04 12:15 - 03206666 _____ C:\windows\SysWOW64\rootpa.e2e
2016-06-23 21:15 - 2016-03-10 15:11 - 00003242 _____ C:\windows\System32\Tasks\Driver Booster Scheduler
2016-06-23 21:15 - 2016-03-10 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-06-23 19:39 - 2015-06-10 11:44 - 00000000 ____D C:\windows\system32\MRT
2016-06-23 19:34 - 2015-04-30 14:50 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-21 00:02 - 2015-04-30 13:04 - 00330472 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2016-06-21 00:02 - 2015-04-30 13:04 - 00182352 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2016-06-21 00:02 - 2015-04-30 13:04 - 00151784 _____ (360.cn) C:\windows\system32\Drivers\360AntiHacker64.sys
2016-06-19 05:52 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-19 05:50 - 2014-12-04 12:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-08 21:57 - 2015-10-05 11:41 - 00000000 ____D C:\Users\jayov_000\Downloads\wp-themes
==================== Files in the root of some directories =======
2016-04-23 01:10 - 2016-04-23 01:10 - 0000088 _____ () C:\Users\jayov_000\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-04-23 01:10 - 2016-04-23 01:19 - 0000236 _____ () C:\Users\jayov_000\AppData\Roaming\RO39-2M3Q
2016-04-25 08:12 - 2016-04-25 08:12 - 0000492 _____ () C:\Users\jayov_000\AppData\Roaming\scrapebox.regdata
2015-05-02 11:22 - 2016-04-25 12:19 - 0001456 _____ () C:\Users\jayov_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-18 22:31 - 2016-03-18 22:35 - 0000185 _____ () C:\Users\jayov_000\AppData\Local\TSE AUDIOTSE_X50.xml
2016-06-27 10:28 - 2016-06-27 10:28 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\jayov_000\AppData\Local\Temp\update160627.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2016-04-21 14:32] - [2016-04-21 14:32] - 0657920 ____A (Microsoft Corporation) 305703A6FD82F00C5D8B35A0307406C2
C:\windows\SysWOW64\dnsapi.dll
[2016-04-21 14:32] - [2016-04-21 14:32] - 0498688 ____A (Microsoft Corporation) 9D1C0D06C0259DB99299CF34C810E12B
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-04 04:46
==================== End of FRST.txt ============================
I also found a registry entry under Tcpip/Parameters/Interfaces.
It reads as follows...
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DD27B378-D54A-4529-AF6D-A53AC62B0686}
Class Name: <NO CLASS>
Last Write Time: 6/27/2016 - 11:23 AM
Value 0
Name: UseZeroBroadcast
Type: REG_DWORD
Data: 0
Value 1
Name: EnableDeadGWDetect
Type: REG_DWORD
Data: 0x1
Value 2
Name: EnableDHCP
Type: REG_DWORD
Data: 0x1
Value 3
Name: NameServer
Type: REG_SZ
Data: 168.95.1.1
Value 4
Name: Domain
Type: REG_SZ
Data:
Value 5
Name: RegistrationEnabled
Type: REG_DWORD
Data: 0x1
Value 6
Name: RegisterAdapterName
Type: REG_DWORD
Data: 0
Value 7
Name: DhcpIPAddress
Type: REG_SZ
Data: 20.1.14.246
Value 8
Name: DhcpSubnetMask
Type: REG_SZ
Data: 255.255.224.0
Value 9
Name: DhcpServer
Type: REG_SZ
Data: 20.1.0.5
Value 10
Name: Lease
Type: REG_DWORD
Data: 0x12c
Value 11
Name: LeaseObtainedTime
Type: REG_DWORD
Data: 0x54ee2c50
Value 12
Name: T1
Type: REG_DWORD
Data: 0x54ee2ce6
Value 13
Name: T2
Type: REG_DWORD
Data: 0x54ee2d56
Value 14
Name: LeaseTerminatesTime
Type: REG_DWORD
Data: 0x54ee2d7c
Value 15
Name: AddressType
Type: REG_DWORD
Data: 0
Value 16
Name: IsServerNapAware
Type: REG_DWORD
Data: 0
Value 17
Name: DhcpConnForceBroadcastFlag
Type: REG_DWORD
Data: 0
Value 18
Name: DhcpDomain
Type: REG_SZ
Data: sgt.automation.net
Value 19
Name: DhcpSubnetMaskOpt
Type: REG_MULTI_SZ
Data: 255.255.224.0
Value 20
Name: DhcpInterfaceOptions
Type: REG_BINARY
Data:
Value 21
Name: DHCPNameServer
Type: REG_SZ
Data: 168.95.1.1
Value 22
Name: NameServer_bak
Type: REG_SZ
Data: |168.95.1.1
Value 23
Name: DhcpNameServer_bak
Type: REG_SZ
Data: 82.163.143.171|168.95.1.1
I checked my DNS servers and they are reading the correct ones...
I'm at a loss. When I have a connection, it's no greater than 2mbps. Usual speed test is at about 40mbps.
Any help would be greatly appreciated...
I wanted to add that I also ran this bat...
Edited by jayoverhol, 08 July 2016 - 08:50 PM.