
Unknown Malware/Infection Caused Chrome to Appear Outdated


  • This topic is locked
5 replies to this topic

#1 nikaylarose


Posted 25 September 2016 - 08:40 PM

Hello there, I am hoping someone here can help me. I've read through numerous topics similar to what I have going on, tried all the steps suggested in them but still haven't had success removing my issue on my own. One day last week I noticed my Chrome suddenly appeared outdated looking, most notably when doing Google searches. This happened to me in July but I was able to fix it myself with a Malwarebytes scan and regediting some autoconfig proxy stuff, but this time none of that has worked. I ended up uninstalling and reinstalling Chrome several times (I should also note I don't currently have it installed now), doing scans in Safe Mode, MBAM never found anything. Defender has found and removed BrowserModifier:Win32/Diplugem twice but there's been no change. It also removed PUP.Optional.OpenCandy once and hasn't found it again, but again no change on how Chrome appears. There's nothing in the regedit like there was last time and I'm just at a loss. And seriously in need of this being fixed as my job is in coding and I can't code with my computer like this. Any help would be immensely appreciated, thank you.

 

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by Nikayla Rose (administrator) on NIKAYLA (25-09-2016 18:24:28)
Running from C:\Users\Nikayla Rose\Downloads
Loaded Profiles: Nikayla Rose (Available Profiles: Nikayla Rose & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-11-06] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2015-11-13] (IDT, Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3780791553-2422204792-2240290857-1002\...\Run: [Spotify Web Helper] => C:\Users\Nikayla Rose\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-23] (Spotify Ltd)
HKU\S-1-5-21-3780791553-2422204792-2240290857-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3780791553-2422204792-2240290857-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware)
HKU\S-1-5-21-3780791553-2422204792-2240290857-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [185816 2015-11-06] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [185816 2015-11-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164008 2015-11-06] (NVIDIA Corporation)
Startup: C:\Users\Nikayla Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-20]
ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\Nikayla Rose\AppData\Local\Facebook\Games\FacebookGames.exe ()
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5F1CC87A-FFCA-4F54-B2AC-D497D52B9361}: [DhcpNameServer] 10.30.0.1
Tcpip\..\Interfaces\{C56A3AEA-9C78-4E6C-9A12-E44A3CE0E6DB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-3780791553-2422204792-2240290857-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3780791553-2422204792-2240290857-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3780791553-2422204792-2240290857-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3780791553-2422204792-2240290857-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2016-08-18] (Perfect World Entertainment Inc)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3780791553-2422204792-2240290857-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: WSISAllmytubechrome - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\Nikayla Rose\AppData\Roaming\Mozilla\Firefox\Profiles\3b5ky4pk.default-1472340909622
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2016-08-18] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2016-07-14] ()
FF Plugin HKU\S-1-5-21-3780791553-2422204792-2240290857-1002: SkypePlugin -> C:\Users\Nikayla Rose\AppData\Local\SkypePlugin\7.26.0.47\npGatewayNpapi.dll [2016-09-15] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3780791553-2422204792-2240290857-1002: SkypePlugin64 -> C:\Users\Nikayla Rose\AppData\Local\SkypePlugin\7.26.0.47\npGatewayNpapi-x64.dll [2016-09-15] (Skype Technologies S.A.)
FF Extension: (New XKit) - C:\Users\Nikayla Rose\AppData\Roaming\Mozilla\Firefox\Profiles\3b5ky4pk.default-1472340909622\Extensions\@new-xkit.xpi [2016-09-25]
FF Extension: (Tumblr Savior) - C:\Users\Nikayla Rose\AppData\Roaming\Mozilla\Firefox\Profiles\3b5ky4pk.default-1472340909622\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2016-09-25]
FF Extension: (Adblock Plus) - C:\Users\Nikayla Rose\AppData\Roaming\Mozilla\Firefox\Profiles\3b5ky4pk.default-1472340909622\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-17]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2016-09-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com_xpi => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88024 2016-08-18] (Perfect World Entertainment Inc)
S3 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-10-29] (Digital Wave Ltd.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-04-07] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-10-02] (Ellora Assets Corp.) [File not signed]
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-07-14] (WildTangent)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-19] (Hi-Rez Studios) [File not signed]
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-07-22] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-07-22] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-11-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-11-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hpvision; C:\Windows\System32\drivers\hp64vision.sys [26944 2016-04-04] (Windows ® Codename Longhorn DDK provider)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-04] (REALiX™)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 iscFlash; C:\Program Files (x86)\SP68425\iscflashx64.sys [66760 2014-07-22] (Insyde Software)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-16] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-09-16] (Greatis Software)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-09] (Ralink Technology, Corp.)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [2980568 2014-12-09] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-11-12] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-11-12] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-11-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2016-02-29] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 18:16 - 2016-09-25 18:16 - 00000000 ____D C:\Users\Nikayla Rose\Downloads\FRST-OlderVersion
2016-09-24 00:58 - 2016-09-24 00:58 - 00004537 _____ C:\Users\Nikayla Rose\AppData\Roaming\CamStudio.cfg
2016-09-23 21:39 - 2016-09-24 19:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-23 01:41 - 2016-09-23 01:41 - 00082740 _____ C:\Users\Nikayla Rose\Downloads\catcafe.zip
2016-09-23 01:40 - 2016-09-23 01:40 - 00278725 _____ C:\Users\Nikayla Rose\Downloads\outerspace_militia.zip
2016-09-23 01:39 - 2016-09-23 01:39 - 03346848 _____ C:\Users\Nikayla Rose\Downloads\the_frontman_2.zip
2016-09-23 01:39 - 2016-09-23 01:39 - 00091351 _____ C:\Users\Nikayla Rose\Downloads\black_dahlia.zip
2016-09-23 01:37 - 2016-09-23 01:37 - 00729138 _____ C:\Users\Nikayla Rose\Downloads\zilap_geometrik.zip
2016-09-23 01:37 - 2016-09-23 01:37 - 00659359 _____ C:\Users\Nikayla Rose\Downloads\sanctuaire_du_machiniste.zip
2016-09-23 01:37 - 2016-09-23 01:37 - 00554070 _____ C:\Users\Nikayla Rose\Downloads\devil_east.zip
2016-09-23 01:37 - 2016-09-23 01:37 - 00423825 _____ C:\Users\Nikayla Rose\Downloads\casablanca_noir.zip
2016-09-23 01:37 - 2016-09-23 01:37 - 00058443 _____ C:\Users\Nikayla Rose\Downloads\wake_up_bro.zip
2016-09-23 01:37 - 2016-09-23 01:37 - 00035309 _____ C:\Users\Nikayla Rose\Downloads\gentleman_on_the_rainbow.zip
2016-09-23 01:36 - 2016-09-23 01:36 - 01393132 _____ C:\Users\Nikayla Rose\Downloads\death_star.zip
2016-09-23 01:36 - 2016-09-23 01:36 - 00954345 _____ C:\Users\Nikayla Rose\Downloads\lieben.zip
2016-09-23 01:36 - 2016-09-23 01:36 - 00096734 _____ C:\Users\Nikayla Rose\Downloads\filth_of_icarus.zip
2016-09-23 01:36 - 2016-09-23 01:36 - 00016148 _____ C:\Users\Nikayla Rose\Downloads\foursixteensixteen.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00258157 _____ C:\Users\Nikayla Rose\Downloads\hollandisch_closed.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00065662 _____ C:\Users\Nikayla Rose\Downloads\sunday_morning.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00041108 _____ C:\Users\Nikayla Rose\Downloads\salsabilla.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00037156 _____ C:\Users\Nikayla Rose\Downloads\kadisoka_monoline.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00036500 _____ C:\Users\Nikayla Rose\Downloads\adventures_on_the_mountains.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00033783 _____ C:\Users\Nikayla Rose\Downloads\fundamental.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00031325 _____ C:\Users\Nikayla Rose\Downloads\heart_romance.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00019249 _____ C:\Users\Nikayla Rose\Downloads\richard_true_crime.zip
2016-09-23 01:35 - 2016-09-23 01:35 - 00015795 _____ C:\Users\Nikayla Rose\Downloads\midnightconstellations.zip
2016-09-23 01:34 - 2016-09-23 01:34 - 03141590 _____ C:\Users\Nikayla Rose\Downloads\hotel_des_arts_1929.zip
2016-09-23 01:34 - 2016-09-23 01:34 - 00665832 _____ C:\Users\Nikayla Rose\Downloads\djb_file_folder_labels.zip
2016-09-23 01:34 - 2016-09-23 01:34 - 00130843 _____ C:\Users\Nikayla Rose\Downloads\kid_on_the_mountain.zip
2016-09-23 01:34 - 2016-09-23 01:34 - 00098685 _____ C:\Users\Nikayla Rose\Downloads\street_gathering.zip
2016-09-23 01:34 - 2016-09-23 01:34 - 00016023 _____ C:\Users\Nikayla Rose\Downloads\psycho_dad.zip
2016-09-23 01:34 - 2016-09-23 01:34 - 00013648 _____ C:\Users\Nikayla Rose\Downloads\thinpaws.zip
2016-09-23 01:34 - 2016-09-23 01:34 - 00012926 _____ C:\Users\Nikayla Rose\Downloads\awpaws.zip
2016-09-23 01:33 - 2016-09-23 01:33 - 02441721 _____ C:\Users\Nikayla Rose\Downloads\taken_by_vultures.zip
2016-09-23 01:33 - 2016-09-23 01:33 - 00274019 _____ C:\Users\Nikayla Rose\Downloads\helloetchasketch.zip
2016-09-23 01:33 - 2016-09-23 01:33 - 00234320 _____ C:\Users\Nikayla Rose\Downloads\new_comic_title.zip
2016-09-23 01:33 - 2016-09-23 01:33 - 00195361 _____ C:\Users\Nikayla Rose\Downloads\dk_tartufo.zip
2016-09-23 01:33 - 2016-09-23 01:33 - 00098162 _____ C:\Users\Nikayla Rose\Downloads\bad_stories.zip
2016-09-23 01:33 - 2016-09-23 01:33 - 00077638 _____ C:\Users\Nikayla Rose\Downloads\another_birdhouse.zip
2016-09-23 01:33 - 2016-09-23 01:33 - 00028156 _____ C:\Users\Nikayla Rose\Downloads\band_of_reality.zip
2016-09-23 01:33 - 2016-09-23 01:33 - 00017191 _____ C:\Users\Nikayla Rose\Downloads\the_airlines.zip
2016-09-23 01:28 - 2016-09-23 01:28 - 00188968 _____ C:\Users\Nikayla Rose\Downloads\hercule_vs_golliath.zip
2016-09-23 01:27 - 2016-09-23 01:28 - 00099863 _____ C:\Users\Nikayla Rose\Downloads\germanika.zip
2016-09-23 01:27 - 2016-09-23 01:27 - 01021638 _____ C:\Users\Nikayla Rose\Downloads\granite_rock_st.zip
2016-09-23 01:27 - 2016-09-23 01:27 - 00463224 _____ C:\Users\Nikayla Rose\Downloads\on_the_horizon.zip
2016-09-23 01:27 - 2016-09-23 01:27 - 00287868 _____ C:\Users\Nikayla Rose\Downloads\sentimental_beach.zip
2016-09-23 01:27 - 2016-09-23 01:27 - 00198333 _____ C:\Users\Nikayla Rose\Downloads\barbed_wires.zip
2016-09-23 01:27 - 2016-09-23 01:27 - 00179740 _____ C:\Users\Nikayla Rose\Downloads\october_quotes.zip
2016-09-23 01:27 - 2016-09-23 01:27 - 00128318 _____ C:\Users\Nikayla Rose\Downloads\fresszettel.zip
2016-09-23 01:26 - 2016-09-23 01:26 - 01749339 _____ C:\Users\Nikayla Rose\Downloads\bristle_brush_script.zip
2016-09-23 01:26 - 2016-09-23 01:26 - 01044327 _____ C:\Users\Nikayla Rose\Downloads\dk_darker_marker.zip
2016-09-23 01:26 - 2016-09-23 01:26 - 00935875 _____ C:\Users\Nikayla Rose\Downloads\nightingale.zip
2016-09-23 01:26 - 2016-09-23 01:26 - 00081388 _____ C:\Users\Nikayla Rose\Downloads\hacked_crt.zip
2016-09-23 01:25 - 2016-09-23 01:25 - 01998484 _____ C:\Users\Nikayla Rose\Downloads\haydon_brush.zip
2016-09-23 01:25 - 2016-09-23 01:25 - 01444833 _____ C:\Users\Nikayla Rose\Downloads\zero2.zip
2016-09-23 01:25 - 2016-09-23 01:25 - 00631249 _____ C:\Users\Nikayla Rose\Downloads\mark_my_words.zip
2016-09-23 01:25 - 2016-09-23 01:25 - 00088000 _____ C:\Users\Nikayla Rose\Downloads\eternity_tomorrow.zip
2016-09-23 01:25 - 2016-09-23 01:25 - 00047081 _____ C:\Users\Nikayla Rose\Downloads\hubster.zip
2016-09-23 01:24 - 2016-09-23 01:24 - 00149842 _____ C:\Users\Nikayla Rose\Downloads\great_day.zip
2016-09-23 01:24 - 2016-09-23 01:24 - 00082945 _____ C:\Users\Nikayla Rose\Downloads\delirium_ncv.zip
2016-09-23 01:24 - 2016-09-23 01:24 - 00023916 _____ C:\Users\Nikayla Rose\Downloads\northern_lights_script.zip
2016-09-21 17:35 - 2016-09-21 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-21 17:34 - 2016-09-21 17:34 - 00000000 ____D C:\Program Files\iPod
2016-09-20 21:50 - 2016-09-20 21:52 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\HirezLauncherUI
2016-09-20 21:48 - 2016-09-25 17:50 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-09-20 21:48 - 2016-09-20 21:57 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-09-20 21:48 - 2016-09-20 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-09-17 00:26 - 2016-09-17 00:31 - 00053233 _____ C:\Users\Nikayla Rose\Downloads\Addition.txt
2016-09-17 00:23 - 2016-09-25 18:24 - 00019977 _____ C:\Users\Nikayla Rose\Downloads\FRST.txt
2016-09-17 00:23 - 2016-09-25 18:24 - 00000000 ____D C:\FRST
2016-09-17 00:22 - 2016-09-25 18:16 - 02403328 _____ (Farbar) C:\Users\Nikayla Rose\Downloads\FRST64.exe
2016-09-17 00:11 - 2016-09-17 00:11 - 03861056 _____ C:\Users\Nikayla Rose\Downloads\AdwCleaner.exe
2016-09-16 22:20 - 2016-09-17 00:56 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-16 22:19 - 2016-09-16 22:19 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\Deployment
2016-09-16 22:11 - 2016-09-16 22:11 - 00892944 _____ (Microsoft Corporation) C:\Users\Nikayla Rose\Downloads\mssstool64.exe
2016-09-16 01:20 - 2016-09-25 02:00 - 00000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0d300b1f-b7db-4b3c-b8ea-e08db5d08f29.job
2016-09-16 01:20 - 2016-09-25 01:20 - 00000540 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 71ab42ae-7005-4263-9198-7e67a06fbb51.job
2016-09-16 01:20 - 2016-09-16 01:20 - 00003606 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 0d300b1f-b7db-4b3c-b8ea-e08db5d08f29
2016-09-16 01:20 - 2016-09-16 01:20 - 00003524 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 71ab42ae-7005-4263-9198-7e67a06fbb51
2016-09-16 01:20 - 2016-09-16 01:20 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\SUPERAntiSpyware.com
2016-09-16 01:20 - 2016-09-16 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-09-16 01:19 - 2016-09-16 01:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-09-16 01:19 - 2016-09-16 01:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-09-16 00:30 - 2016-09-25 17:49 - 00000248 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2016-09-16 00:29 - 2016-09-16 00:29 - 00000000 ____D C:\@RestoreQuarantine
2016-09-16 00:25 - 2016-09-17 00:45 - 00001000 _____ C:\WINDOWS\system32\Partizan.RRI
2016-09-16 00:16 - 2016-09-18 20:34 - 00000000 ____D C:\ProgramData\RegRun
2016-09-16 00:16 - 2016-09-16 00:16 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2016-09-16 00:15 - 2016-09-25 17:53 - 00000000 ____D C:\Users\Nikayla Rose\Documents\RegRun2
2016-09-16 00:15 - 2016-09-24 23:11 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-09-16 00:15 - 2016-09-18 20:37 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-09-16 00:15 - 2016-09-16 00:15 - 00003336 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2016-09-16 00:15 - 2016-09-16 00:15 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2016-09-16 00:15 - 2016-09-16 00:15 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2016-09-16 00:15 - 2016-09-16 00:15 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2016-09-16 00:15 - 2016-09-16 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-09-16 00:15 - 2016-08-31 11:53 - 00015016 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2016-09-16 00:15 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2016-09-15 22:55 - 2016-09-15 22:55 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\ESET
2016-09-15 22:29 - 2016-09-15 22:29 - 00000000 ____D C:\WINDOWS\pss
2016-09-15 21:57 - 2016-09-08 14:51 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-15 21:57 - 2016-09-08 14:51 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-15 21:57 - 2016-08-22 09:06 - 00179248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-15 21:57 - 2016-08-22 09:06 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-15 21:57 - 2016-08-20 18:03 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-15 21:57 - 2016-08-20 18:01 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-15 21:57 - 2016-08-20 18:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-15 21:57 - 2016-08-20 17:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-09-15 21:57 - 2016-08-20 16:45 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-09-15 21:57 - 2016-08-20 16:27 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-15 21:57 - 2016-08-20 16:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-09-15 21:57 - 2016-08-20 16:22 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-15 21:57 - 2016-08-20 16:05 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-09-15 21:57 - 2016-08-20 15:55 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-09-15 21:57 - 2016-08-20 15:50 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-15 21:57 - 2016-08-20 15:42 - 07795712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-15 21:57 - 2016-08-20 15:27 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-15 21:57 - 2016-08-09 15:47 - 00803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-15 21:57 - 2016-08-09 15:47 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-09-15 21:57 - 2016-08-04 07:17 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-15 21:57 - 2016-08-03 11:06 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-15 21:57 - 2016-08-03 11:05 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-15 21:56 - 2016-08-31 20:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-15 21:56 - 2016-08-31 19:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-09-15 21:56 - 2016-08-31 19:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-09-15 21:56 - 2016-08-31 18:39 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-09-15 21:56 - 2016-08-31 18:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-15 21:56 - 2016-08-31 18:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-15 21:56 - 2016-08-31 18:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-09-15 21:56 - 2016-08-31 17:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-15 21:56 - 2016-08-31 17:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-09-15 21:56 - 2016-08-31 17:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-09-15 21:56 - 2016-08-31 17:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-15 21:56 - 2016-08-31 17:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-15 21:56 - 2016-08-31 17:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-09-15 21:56 - 2016-08-31 17:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-15 21:56 - 2016-08-31 16:38 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-09-15 21:56 - 2016-08-31 16:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-15 21:56 - 2016-08-31 16:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-15 21:56 - 2016-08-31 16:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-15 21:56 - 2016-08-31 15:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-15 21:56 - 2016-08-31 15:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-15 21:56 - 2016-08-25 22:51 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-15 21:56 - 2016-08-25 21:44 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-15 21:56 - 2016-08-25 21:41 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-09-15 21:56 - 2016-08-25 21:00 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-09-15 21:56 - 2016-08-13 00:41 - 07445848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-15 21:56 - 2016-08-13 00:40 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-15 21:56 - 2016-08-13 00:40 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-15 21:56 - 2016-08-13 00:40 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-15 21:56 - 2016-08-13 00:40 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-15 21:56 - 2016-08-13 00:40 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-15 21:56 - 2016-08-12 17:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-15 21:56 - 2016-08-11 09:26 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-15 21:56 - 2016-08-11 09:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-15 21:56 - 2016-08-11 09:16 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-15 21:55 - 2016-08-14 12:34 - 01541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-15 21:55 - 2016-08-14 11:25 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-15 21:55 - 2016-08-14 09:14 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-15 19:59 - 2016-09-15 19:59 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-15 19:56 - 2016-09-15 21:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-09-15 19:55 - 2016-09-15 21:22 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-15 19:55 - 2016-09-15 19:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-14 00:06 - 2016-09-16 00:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-12 04:28 - 2016-09-12 04:29 - 216591384 _____ C:\Users\Nikayla Rose\Desktop\venus.tif
2016-09-07 19:37 - 2016-09-07 19:37 - 00253918 _____ C:\Users\Nikayla Rose\Downloads\batman_the_dark_kni (1).zip
2016-09-07 19:37 - 2016-09-07 19:37 - 00005852 _____ C:\Users\Nikayla Rose\Downloads\batman_logo_evolution_tfb.zip
2016-09-07 19:36 - 2016-09-07 19:36 - 01623595 _____ C:\Users\Nikayla Rose\Downloads\batman_evolution_logo_font.zip
2016-09-07 19:33 - 2016-09-07 19:33 - 00253918 _____ C:\Users\Nikayla Rose\Downloads\batman_the_dark_kni.zip
2016-09-07 19:33 - 2016-09-07 19:33 - 00076580 _____ C:\Users\Nikayla Rose\Downloads\batman_beat_the_hel.zip
2016-09-07 19:33 - 2016-09-07 19:33 - 00032300 _____ C:\Users\Nikayla Rose\Downloads\batman.zip
2016-09-07 19:32 - 2016-09-07 19:32 - 00053034 _____ C:\Users\Nikayla Rose\Downloads\batman_forever.zip
2016-09-07 19:32 - 2016-09-07 19:32 - 00036260 _____ C:\Users\Nikayla Rose\Downloads\ds_digital.zip
2016-09-07 02:38 - 2016-09-07 02:40 - 00000000 ____D C:\Program Files (x86)\Champions Online_en
2016-09-07 02:37 - 2016-09-07 02:38 - 00000000 ___HD C:\ArcTemp
2016-08-28 05:41 - 2016-09-24 00:58 - 00000408 _____ C:\Users\Nikayla Rose\AppData\Roaming\CamShapes.ini
2016-08-28 05:41 - 2016-09-24 00:58 - 00000408 _____ C:\Users\Nikayla Rose\AppData\Roaming\CamLayout.ini
2016-08-28 05:41 - 2016-09-24 00:58 - 00000096 _____ C:\Users\Nikayla Rose\AppData\Roaming\Camdata.ini
2016-08-27 23:48 - 2016-09-07 13:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-27 23:48 - 2016-08-27 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-27 20:02 - 2016-08-27 20:06 - 00000000 ____D C:\Users\Nikayla Rose\Documents\My CamStudio Videos
2016-08-27 20:01 - 2016-08-27 20:06 - 00000000 ____D C:\Users\Nikayla Rose\Documents\My CamStudio Temp Files
2016-08-27 20:00 - 2016-09-24 00:58 - 00000096 _____ C:\Users\Nikayla Rose\AppData\Roaming\version2.xml
2016-08-27 19:59 - 2016-08-27 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2016-08-27 19:59 - 2016-08-27 19:59 - 00000000 ____D C:\Program Files\CamStudio 2.7
2016-08-27 19:49 - 2016-08-27 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-08-27 19:49 - 2016-08-27 19:49 - 00000000 ____D C:\Fraps
2016-08-27 17:45 - 2016-09-16 00:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-27 17:45 - 2016-09-16 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-27 16:48 - 2016-08-27 16:48 - 00001966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2016-08-27 16:48 - 2016-08-27 16:48 - 00001006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-08-27 16:48 - 2016-08-27 16:48 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\LogMeIn
2016-08-27 16:48 - 2016-08-27 16:48 - 00000000 ____D C:\Program Files (x86)\LogMeIn Ignition
2016-08-27 16:48 - 2016-07-22 17:45 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2016-08-27 16:48 - 2016-01-29 11:53 - 00035328 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2016-08-27 16:48 - 2015-06-15 09:14 - 00072216 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
2016-08-27 16:43 - 2016-08-27 16:48 - 00000000 ____D C:\ProgramData\LogMeIn
2016-08-27 16:43 - 2016-08-27 16:48 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-08-27 16:43 - 2016-08-27 16:43 - 00001024 _____ C:\.rnd
2016-08-27 16:43 - 2016-07-22 17:45 - 00107520 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2016-08-26 04:58 - 2016-09-20 17:15 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2016-08-26 04:58 - 2016-08-26 04:58 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\FacebookGames
2016-08-26 04:58 - 2016-08-26 04:58 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\Facebook

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 18:24 - 2015-11-06 21:03 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\Skype
2016-09-25 18:17 - 2013-08-28 23:45 - 00000000 ____D C:\Users\Nikayla Rose\Desktop\Things
2016-09-25 18:14 - 2016-06-16 21:10 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\Battle.net
2016-09-25 18:14 - 2016-06-16 21:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-09-25 17:50 - 2015-11-12 02:49 - 00000000 ___RD C:\Users\Nikayla Rose\OneDrive
2016-09-25 17:50 - 2015-11-12 02:42 - 00000000 __SHD C:\Users\Nikayla Rose\IntelGraphicsProfiles
2016-09-25 17:50 - 2013-06-29 19:41 - 00000000 ____D C:\Users\Nikayla Rose\AppData\LocalLow\AuthenTec
2016-09-25 17:49 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-25 05:08 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-09-25 04:31 - 2015-11-06 22:06 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-25 02:00 - 2015-11-07 01:40 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\Adobe
2016-09-24 21:26 - 2016-02-22 22:03 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\ElevatedDiagnostics
2016-09-24 21:24 - 2012-08-10 17:45 - 00000821 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-09-24 21:22 - 2015-11-22 01:45 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\Audacity
2016-09-24 21:20 - 2013-09-05 22:50 - 00000000 ____D C:\Users\Nikayla Rose\Documents\Youcam
2016-09-24 21:18 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-09-24 19:05 - 2016-03-03 21:28 - 00000376 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNikayla Rose.job
2016-09-24 19:05 - 2016-01-27 21:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-24 03:14 - 2015-11-06 21:54 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\vlc
2016-09-24 02:31 - 2015-11-28 01:55 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\SkypePlugin
2016-09-23 20:15 - 2015-11-06 21:19 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3780791553-2422204792-2240290857-1002
2016-09-23 20:13 - 2016-07-21 21:06 - 00003204 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNikayla Rose
2016-09-23 20:00 - 2013-08-22 07:44 - 05997752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-23 06:38 - 2015-11-08 21:42 - 00000132 _____ C:\Users\Nikayla Rose\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-23 05:17 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-23 05:17 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-23 00:50 - 2015-11-06 21:48 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\Spotify
2016-09-23 00:50 - 2015-11-06 21:48 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\Spotify
2016-09-22 02:06 - 2014-11-21 01:44 - 00006428 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-21 20:49 - 2013-10-31 02:30 - 00000000 ____D C:\Users\Nikayla Rose\Downloads\x Move
2016-09-21 19:04 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2016-09-21 17:35 - 2016-06-20 17:50 - 00000000 ____D C:\Program Files\iTunes
2016-09-21 17:34 - 2015-11-07 20:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-09-21 05:34 - 2015-08-05 02:59 - 00000000 ___HD C:\Users\Nikayla Rose\Documents\New folder
2016-09-20 21:57 - 2014-08-06 15:52 - 00000000 ____D C:\Users\Nikayla Rose\Documents\My Games
2016-09-20 21:49 - 2015-11-06 21:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-20 21:48 - 2012-09-24 18:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-20 20:39 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-20 00:34 - 2016-04-09 18:15 - 00000000 ____D C:\KMPlayer
2016-09-17 00:52 - 2015-11-06 21:43 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\Google
2016-09-17 00:15 - 2015-04-29 17:50 - 00000000 ____D C:\AdwCleaner
2016-09-16 23:14 - 2016-07-11 19:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-16 18:02 - 2013-03-22 09:12 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2016-09-16 17:29 - 2015-12-15 19:50 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\XnView
2016-09-16 16:53 - 2016-07-11 19:02 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-16 02:01 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-16 01:24 - 2015-11-07 01:18 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-16 01:19 - 2015-03-07 22:26 - 00000000 ____D C:\Users\Nikayla Rose\Downloads\Programs etc
2016-09-16 00:04 - 2015-11-07 01:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-15 21:50 - 2015-11-06 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-09-15 21:50 - 2015-11-06 23:48 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-09-15 21:45 - 2016-04-04 20:44 - 00000000 ____D C:\ProgramData\ProductData
2016-09-15 21:40 - 2016-04-04 20:42 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\IObit
2016-09-15 21:30 - 2015-11-12 02:04 - 00000000 ____D C:\Users\Nikayla Rose
2016-09-15 21:27 - 2016-07-11 19:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-15 21:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-09-15 21:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-09-15 21:23 - 2016-07-11 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-15 21:23 - 2016-06-16 20:35 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\Battle.net
2016-09-15 21:23 - 2016-04-04 20:44 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\ProductData
2016-09-15 21:23 - 2016-04-04 20:43 - 00000000 ____D C:\Users\Nikayla Rose\AppData\LocalLow\IObit
2016-09-15 21:23 - 2015-11-16 04:58 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-15 21:23 - 2015-11-15 19:19 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-09-15 21:23 - 2015-11-12 02:04 - 00000000 ____D C:\Users\Administrator
2016-09-15 21:23 - 2015-11-07 20:55 - 00000000 ____D C:\ProgramData\Apple Computer
2016-09-15 21:23 - 2013-08-22 08:36 - 00000000 __RSD C:\WINDOWS\Media
2016-09-15 21:23 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-09-15 21:23 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-15 21:23 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-09-15 21:23 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-09-15 21:23 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-15 21:22 - 2015-10-28 14:05 - 00000000 ____D C:\Program Files (x86)\SP68425
2016-09-15 21:13 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
2016-09-15 21:08 - 2016-08-18 00:34 - 00000000 ____D C:\Program Files (x86)\Arc
2016-09-14 16:37 - 2014-04-01 22:10 - 00000000 ____D C:\Users\Nikayla Rose\Downloads\Photos
2016-09-12 00:08 - 2015-09-22 16:03 - 00000534 _____ C:\Users\Nikayla Rose\Desktop\to do.txt
2016-09-09 02:29 - 2015-11-13 19:53 - 00001456 _____ C:\Users\Nikayla Rose\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-08 16:09 - 2015-11-06 23:43 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-09-08 14:43 - 2016-04-11 22:26 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Roaming\SmartSteamEmu
2016-09-08 14:40 - 2013-09-02 19:29 - 00000000 ____D C:\Games
2016-09-07 13:25 - 2015-11-06 21:57 - 00000000 ____D C:\ProgramData\Skype
2016-09-07 02:38 - 2016-08-18 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2016-09-06 20:51 - 2015-11-17 23:56 - 00000278 _____ C:\Users\Nikayla Rose\Desktop\Custom Font.txt
2016-09-06 18:11 - 2016-07-13 17:55 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-06 18:11 - 2016-07-13 17:55 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-27 23:38 - 2015-11-06 21:04 - 00000000 ____D C:\Users\Nikayla Rose\AppData\Local\Skype
2016-08-27 23:18 - 2016-01-27 21:06 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-26 03:04 - 2016-01-31 00:29 - 00000832 _____ C:\Users\Nikayla Rose\Desktop\Themes.txt

==================== Files in the root of some directories =======

2015-11-08 21:42 - 2016-09-23 06:38 - 0000132 _____ () C:\Users\Nikayla Rose\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-28 05:41 - 2016-09-24 00:58 - 0000096 _____ () C:\Users\Nikayla Rose\AppData\Roaming\Camdata.ini
2016-08-28 05:41 - 2016-09-24 00:58 - 0000408 _____ () C:\Users\Nikayla Rose\AppData\Roaming\CamLayout.ini
2016-08-28 05:41 - 2016-09-24 00:58 - 0000408 _____ () C:\Users\Nikayla Rose\AppData\Roaming\CamShapes.ini
2016-09-24 00:58 - 2016-09-24 00:58 - 0004537 _____ () C:\Users\Nikayla Rose\AppData\Roaming\CamStudio.cfg
2016-08-27 20:00 - 2016-09-24 00:58 - 0000096 _____ () C:\Users\Nikayla Rose\AppData\Roaming\version2.xml
2015-11-13 19:53 - 2016-09-09 02:29 - 0001456 _____ () C:\Users\Nikayla Rose\AppData\Local\Adobe Save for Web 13.0 Prefs

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 00:06

==================== End of FRST.txt ============================

 

 

 


 


#2 nikaylarose

nikaylarose
  • Topic Starter


Posted 25 September 2016 - 09:38 PM

Edit: I forgot to add that Defender also found Trojan:Win32/Dynamer!ac and removed it. None of the items mentioned have been found by MBAM at any point.



#3 nasdaq

nasdaq

  • Malware Response Team

Posted 26 September 2016 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
Toolbar: HKU\S-1-5-21-3780791553-2422204792-2240290857-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSISAllmytubechrome - No CLSID Value
FF HKLM-x32\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com_xpi => not found
S4 LMIRfsClientNP; no ImagePath
Task: {2A22C6AE-41EA-4E41-8B6D-B00208A38D87} - \Driver Booster SkipUAC (Nikayla Rose) -> No File <==== ATTENTION
Task: {6EEC6E4F-7992-4417-AE60-7D361040A5CD} - \{76FB315B-6D85-470C-A7BD-F625CE47A6A1} -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Shockwave is out-of-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
===

Please post the log and let me know what problem persists.

#5 nikaylarose

nikaylarose
  • Topic Starter


Posted 26 September 2016 - 05:35 PM

Hello and thank you so much for the help! As far as I can tell, Chrome is now appearing normally; I reinstalled after doing the fixlist and restart. Here is my fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Nikayla Rose (26-09-2016 14:17:41) Run:1
Running from C:\Users\Nikayla Rose\Downloads
Loaded Profiles: Nikayla Rose (Available Profiles: Nikayla Rose & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
Toolbar: HKU\S-1-5-21-3780791553-2422204792-2240290857-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: WSISAllmytubechrome - No CLSID Value
FF HKLM-x32\...\Firefox\Extensions: [ISAllmytube@iSkysoft.com] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com_xpi => not found
S4 LMIRfsClientNP; no ImagePath
Task: {2A22C6AE-41EA-4E41-8B6D-B00208A38D87} - \Driver Booster SkipUAC (Nikayla Rose) -> No File <==== ATTENTION
Task: {6EEC6E4F-7992-4417-AE60-7D361040A5CD} - \{76FB315B-6D85-470C-A7BD-F625CE47A6A1} -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
HKU\S-1-5-21-3780791553-2422204792-2240290857-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKCR\PROTOCOLS\Handler\WSISAllmytubechrome" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ISAllmytube@iSkysoft.com => value removed successfully
LMIRfsClientNP => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A22C6AE-41EA-4E41-8B6D-B00208A38D87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A22C6AE-41EA-4E41-8B6D-B00208A38D87}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Nikayla Rose) => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EEC6E4F-7992-4417-AE60-7D361040A5CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EEC6E4F-7992-4417-AE60-7D361040A5CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76FB315B-6D85-470C-A7BD-F625CE47A6A1}" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 104717509 B
Java, Flash, Steam htmlcache => 404317858 B
Windows/system/drivers => 12990338 B
Edge => 0 B
Chrome => 0 B
Firefox => 385888280 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 699950 B
Nikayla Rose => 66618938 B
Administrator => 29097 B

RecycleBin => 1950137182 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:19:25 ====



#6 nasdaq

nasdaq

  • Malware Response Team

Posted 27 September 2016 - 08:58 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



