
Bad File Installed - Pop-Ups Galore



#1
corn4ahead


So I accidentally installed a corrupt file that has put a nasty virus on my computer. I have run my Panda antivirus and Malwarebytes two times. It seemed to clean up most of the issues, I guess, but I still cannot uninstall files such as "MPC Cleaner" and I am getting a lot of redirection when I try to use any web browsers. Also, the web browser randomly pops up to a virus page. Any help would be great.

 

My system is a Dell XPS 15 L502x running Windows 10.

 

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Brad (administrator) on BRAD-PC (23-06-2016 22:58:51)
Running from C:\Users\Brad\Desktop
Loaded Profiles: Brad &  (Available Profiles: Brad & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\Lamzap\Lamzap.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Windows\SysWOW64\CpuHeatMapping\16641\CpuHeatMapping.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files\Udutdy\Bedopudm.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131\qnssFDCC.tmp
() C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\jnsaA40C.tmp
() C:\Program Files\Udutdy\Nidkaf.exe
() C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\knsq8DBE.tmpfs
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\CpuEssentials\165271\CpuEssentials.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\Udutdy\MiepDemf.exe
() C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\hnsiB9B8.tmp
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
() C:\Program Files\Udutdy\Mifehafn64.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Brad\AppData\Roaming\cpuminer\cpm.exe
() C:\Program Files (x86)\EasyHotspot\idsccom_W1Q.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\mpck\wincom_DO7.exe
() C:\Program Files (x86)\sunnyday\wincom_Q57.exe
() C:\Program Files (x86)\FastWeb\fastweb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [cpuminer] => C:\Users\Brad\AppData\Roaming\cpuminer\cpm.exe [1399808 2016-03-31] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [AdBlock2] => [X]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\65555_65555_6200_0_acaaf.rs"
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\65555_65555_6200_0_acaaf.rs"
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Run: [GoogleChromeAutoLaunch_486A54232E7A6A76188CD6D03A70FC2E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [406396 2016-06-23] ()
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Run: [fastweb] => C:\Program Files (x86)\FastWeb\fastweb.exe [224768 2016-06-23] ()
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\fdd333eecbb2e25acfff.rs"
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\fdd333eecbb2e25acfff.rs"
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_486A54232E7A6A76188CD6D03A70FC2E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [406396 2016-06-23] ()
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [fastweb] => C:\Program Files (x86)\FastWeb\fastweb.exe [224768 2016-06-23] ()
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\fdd333eecbb2e25acfff.rs"
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\fdd333eecbb2e25acfff.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\65555_65555_6200_0_acaaf.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Brad\AppData\Roaming\Microsoft\Protect\65555_65555_6200_0_acaaf.rs"
Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mysystem.lnk [2016-06-23]
ShortcutTarget: mysystem.lnk -> C:\Program Files (x86)\Microsoft Corporation\SystemAlert.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{345faf49-89ce-44be-b86b-86bfadcd1bea}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8096fe48-d236-4fa8-baca-177c66ee4e90}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8096fe48-d236-4fa8-baca-177c66ee4e90}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a3dfbbbf-d300-470e-9d60-f56a312fa756}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{a5a19e26-8611-439f-ae36-051ae7447df8}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{aaef004a-988c-11e5-b3c3-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{b5f25508-8086-4f7d-a38b-15fc4d74e216}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{e1845eae-c61c-4511-acee-ec012bb58ecc}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{fab6903f-7dd7-475e-bdf6-da7c4093a4f4}: [NameServer] 104.197.191.4
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBF3D7F47-8F9F-4BD5-9FEA-941C0A6BA938&SearchSource=55&CUI=&UM=8&UP=SPEBCC1321-4879-4F45-986E-FA9112E5F874&D=062316&SSPV=
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBF3D7F47-8F9F-4BD5-9FEA-941C0A6BA938&SearchSource=55&CUI=&UM=8&UP=SPEBCC1321-4879-4F45-986E-FA9112E5F874&D=062316&SSPV=
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBF3D7F47-8F9F-4BD5-9FEA-941C0A6BA938&SearchSource=58&CUI=&UM=8&UP=SPEBCC1321-4879-4F45-986E-FA9112E5F874&D=062316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000 -> {7E89B134-75F9-48C2-A72F-68444C885701} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBF3D7F47-8F9F-4BD5-9FEA-941C0A6BA938&SearchSource=58&CUI=&UM=8&UP=SPEBCC1321-4879-4F45-986E-FA9112E5F874&D=062316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7E89B134-75F9-48C2-A72F-68444C885701} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
SearchScopes: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYir659YyWF8ifhFAUKpcTjf6Y5FpC4FH2LSPVy7RA9dxTTZy6S-JVWFBICwFurBId4Leoadzq9raf96edg1wq6LaqyEZ7aJeB1bLWI0-oXSZ9IZVoXahyrC3sZnqs2VGLItNrqFLGjV1KOKvAew5AKrZR-er&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\Plugins\IEx64\MFLPluginIE.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1061724313-1516444972-2292327885-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Brad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Brad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-19] (Citrix Online)
FF HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi [2016-04-22]
FF HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-23]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 4EC37AC9-A3AC-43D9-9408-10C9C549999B; C:\Program Files\Udutdy\Bedopudm.exe [271360 2016-06-23] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76944 2016-06-01] (Comodo Security Solutions, Inc.)
R2 CpuEssentials; C:\WINDOWS\CpuEssentials/165271\CpuEssentials.exe [7680 2016-05-27] () [File not signed]
R2 CpuHeatMapping; C:\WINDOWS\SysWOW64\CpuHeatMapping/16641\CpuHeatMapping.exe [12288 2016-06-11] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [964608 2016-06-23] () [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-06-23] (DotC United Inc)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
S2 ProntSpooler; C:\Users\Brad\AppData\Local\Apps\2.0\abril.exe [134656 2016-05-19] () [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 Gifzu; "C:\Users\Brad\AppData\Roaming\AobazMunim\Titgudji.exe" -cms [X]
S2 Newbov; "C:\Users\Brad\AppData\Roaming\OhuffMiiunpo\Dufkihl.exe" -cms [X]
R2 tilinupuzbt; C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\knsq8DBE.tmpfs [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-03] (Disc Soft Ltd)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-23] (Malwarebytes)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-06-23] (DotC United Inc)
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [103824 2015-07-16] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211352 2015-07-16] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [120216 2015-07-16] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [120208 2015-07-16] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [112536 2015-07-16] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [89472 2015-09-01] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [133528 2015-07-16] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [309648 2015-07-16] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [179608 2015-07-16] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [122776 2015-07-16] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [267160 2015-07-16] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [115600 2015-07-16] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [173464 2015-07-21] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [130968 2015-07-21] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207256 2015-07-21] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133528 2015-07-21] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [143768 2015-07-21] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117144 2015-07-21] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-06-23] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
R4 PsBoot; system32\Drivers\PsBoot.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-23 22:58 - 2016-06-23 22:58 - 00029916 _____ C:\Users\Brad\Desktop\FRST.txt
2016-06-23 22:57 - 2016-06-23 22:58 - 00000000 ____D C:\FRST
2016-06-23 22:57 - 2016-06-23 22:57 - 02387456 _____ (Farbar) C:\Users\Brad\Desktop\FRST64.exe
2016-06-23 22:49 - 2015-06-26 15:08 - 00294400 _____ (CodePlex Community) C:\Users\Brad\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2016-06-23 22:48 - 2016-06-23 22:48 - 00001798 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-06-23 22:48 - 2016-06-23 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-06-23 22:36 - 2016-06-23 22:36 - 00000046 _____ C:\WINDOWS\wininit.ini
2016-06-23 22:34 - 2016-06-23 22:34 - 00000000 ____D C:\WINDOWS\CpuEssentials
2016-06-23 22:18 - 2016-06-23 22:50 - 00000000 ____D C:\Users\Brad\AppData\Local\4C4C4544-1466720306-5410-8046-B8C04F535131
2016-06-23 20:44 - 2016-06-23 22:49 - 00003314 _____ C:\WINDOWS\System32\Tasks\AdBlock
2016-06-23 20:44 - 2016-06-23 20:44 - 00000000 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2016-06-23 20:20 - 2016-06-23 22:30 - 00000000 ____D C:\Users\Brad\AppData\Local\app
2016-06-23 20:19 - 2016-06-23 20:19 - 00000000 ____D C:\Users\Brad\AppData\Roaming\MCorp
2016-06-23 20:19 - 2016-06-23 20:19 - 00000000 ____D C:\ProgramData\8ec77ebd-7ed5-1
2016-06-23 20:19 - 2016-06-23 20:19 - 00000000 ____D C:\ProgramData\8ec77ebd-4263-0
2016-06-23 20:17 - 2016-06-23 22:31 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Ohypg
2016-06-23 20:17 - 2016-06-23 22:31 - 00000000 ____D C:\Users\Brad\AppData\Roaming\OhuffMiiunpo
2016-06-23 20:17 - 2016-06-23 22:31 - 00000000 ____D C:\Program Files\Joca
2016-06-23 20:16 - 2016-06-23 22:36 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-06-23 20:16 - 2016-06-23 20:40 - 00000000 ____D C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131
2016-06-23 20:15 - 2016-06-21 00:50 - 00304223 _____ ( ) C:\WINDOWS\AdBlock.exe
2016-06-23 20:13 - 2016-06-23 20:13 - 00000258 __RSH C:\Users\Brad\ntuser.pol
2016-06-23 20:13 - 2016-06-23 20:13 - 00000000 ____D C:\Users\Brad\AppData\Local\WebDiscoverBrowser
2016-06-23 20:11 - 2016-06-23 20:11 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-23 20:11 - 2016-06-23 20:11 - 00000000 ____D C:\WINDOWS\system32\kej
2016-06-23 20:11 - 2016-06-23 20:11 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Mozilla
2016-06-23 20:10 - 2016-06-23 20:37 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2016-06-23 20:10 - 2016-06-23 20:34 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Checkers
2016-06-23 20:09 - 2016-06-23 22:31 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Finci
2016-06-23 20:09 - 2016-06-23 22:14 - 00000000 ____D C:\Program Files (x86)\Get-a-Clip
2016-06-23 20:09 - 2016-06-23 20:46 - 00000000 ____D C:\Users\Brad\AppData\Local\UltimateSpeedTester
2016-06-23 20:09 - 2016-06-23 20:21 - 00000000 ____D C:\Users\Brad\AppData\Local\WikiZ
2016-06-23 20:09 - 2016-06-23 20:17 - 00000000 ____D C:\Users\Brad\AppData\Local\Tempfolder
2016-06-23 20:09 - 2016-06-23 20:09 - 00062168 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mfldriver2.sys
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow00C35888
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow000002034AE30508
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow\Company
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\Users\Brad\AppData\Local\csdi_monetize_220160623
2016-06-23 20:09 - 2016-06-23 20:09 - 00000000 ____D C:\uninst
2016-06-23 20:08 - 2016-06-23 22:47 - 00000000 ___HD C:\Program Files (x86)\behaving
2016-06-23 20:08 - 2016-06-23 22:47 - 00000000 ____D C:\Program Files\Udutdy
2016-06-23 20:08 - 2016-06-23 22:45 - 00000000 ___HD C:\Program Files (x86)\rota
2016-06-23 20:08 - 2016-06-23 22:36 - 00000000 ____D C:\Program Files\COMODO
2016-06-23 20:08 - 2016-06-23 22:24 - 00000000 ____D C:\Program Files (x86)\Hostify
2016-06-23 20:08 - 2016-06-23 21:44 - 00000000 ____D C:\Program Files\KMSnano
2016-06-23 20:08 - 2016-06-23 20:10 - 00000000 ____D C:\ProgramData\COMODO
2016-06-23 20:08 - 2016-06-23 20:09 - 00000000 ____D C:\ProgramData\Lamzaps
2016-06-23 20:08 - 2016-06-23 20:08 - 00590347 _____ C:\Users\Brad\AppData\Local\setupone.exe
2016-06-23 20:08 - 2016-06-23 20:08 - 00027456 _____ C:\WINDOWS\system32\Drivers\bsdpf64.sys
2016-06-23 20:08 - 2016-06-23 20:08 - 00026944 _____ C:\WINDOWS\system32\Drivers\bsdpr64.sys
2016-06-23 20:08 - 2016-06-23 20:08 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml
2016-06-23 20:08 - 2016-06-23 20:08 - 00000003 _____ C:\Users\Brad\AppData\Local\aatxtname.txt
2016-06-23 20:08 - 2016-06-23 20:08 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-06-23 20:08 - 2016-06-23 20:08 - 00000000 ____D C:\Users\Brad\AppData\Local\SecurityApps
2016-06-23 20:08 - 2016-06-23 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSnano
2016-06-23 20:08 - 2016-06-23 20:08 - 00000000 _____ C:\Users\Brad\AppData\Local\tr5b.txt
2016-06-23 20:07 - 2016-06-23 22:55 - 00000000 ____D C:\ProgramData\Logic Handler
2016-06-23 20:07 - 2016-06-23 22:49 - 00000000 ____D C:\ProgramData\Lamzap
2016-06-23 20:07 - 2016-06-23 22:24 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-06-23 20:07 - 2016-06-23 21:14 - 00000000 ____D C:\Users\Brad\AppData\Roaming\FC09P
2016-06-23 20:07 - 2016-06-23 20:28 - 00000000 ____D C:\Users\Brad\AppData\Local\DailyWiki
2016-06-23 20:07 - 2016-06-23 20:14 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-06-23 20:07 - 2016-06-23 20:07 - 06867456 _____ C:\Users\Brad\AppData\Roaming\agent.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 02279413 _____ C:\Users\Brad\AppData\Roaming\Jayfind.bin
2016-06-23 20:07 - 2016-06-23 20:07 - 01759888 _____ C:\Users\Brad\AppData\Roaming\Kaysing.tst
2016-06-23 20:07 - 2016-06-23 20:07 - 00848437 _____ C:\Users\Brad\AppData\Roaming\Zertip.bin
2016-06-23 20:07 - 2016-06-23 20:07 - 00126464 _____ C:\Users\Brad\AppData\Roaming\noah.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 00069024 _____ C:\Users\Brad\AppData\Roaming\Config.xml
2016-06-23 20:07 - 2016-06-23 20:07 - 00060136 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-06-23 20:07 - 2016-06-23 20:07 - 00018432 _____ C:\Users\Brad\AppData\Roaming\Main.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\Brad\AppData\Local\tuto_monetize_120160623
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\Brad\AppData\Local\SearchProtect
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\Brad\AppData\Local\csdi_monetize_120160623
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Users\Brad\AppData\Local\bvyvbvyf
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\ProgramData\SearchModule
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Program Files\Caster
2016-06-23 20:07 - 2016-06-23 20:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-06-23 20:07 - 2016-06-23 20:06 - 00964608 _____ C:\Users\Brad\AppData\Roaming\Kaysing.exe
2016-06-23 20:06 - 2016-06-23 22:55 - 00000000 ____D C:\Program Files (x86)\EasyHotspot
2016-06-23 20:06 - 2016-06-23 22:24 - 00000000 ____D C:\Program Files (x86)\mpck
2016-06-23 20:06 - 2016-06-23 21:01 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2016-06-23 20:06 - 2016-06-23 20:06 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-06-23 20:06 - 2016-06-23 20:06 - 00128512 _____ C:\Users\Brad\AppData\Roaming\Installer.dat
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 __SHD C:\WINDOWS\system32\%APPDATA%
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____H C:\WINDOWS\system32\BIT733F.tmp
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____H C:\WINDOWS\system32\BIT6B1F.tmp
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\WINDOWS\SysWOW64\CpuHeatMapping
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\Users\Brad\AppData\Roaming\gplyra
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\Users\Brad\AppData\Roaming\cpuminer
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\Users\Brad\AppData\Local\Consumer Input
2016-06-23 20:06 - 2016-06-23 20:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Corporation
2016-06-23 20:03 - 2016-06-23 20:03 - 00000000 ____D C:\Program Files (x86)\FastWeb
2016-06-23 20:03 - 2016-06-23 20:03 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131
2016-06-23 20:03 - 2016-06-23 20:01 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-06-23 18:10 - 2016-06-23 20:09 - 00065344 ____N (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2016-06-20 19:11 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-20 19:11 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-20 19:11 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-20 19:10 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-20 19:10 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-20 19:10 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-20 19:10 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-20 19:10 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-20 19:10 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-20 19:10 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-20 19:10 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-20 19:10 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-20 19:10 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-20 19:10 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-20 19:10 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-20 19:10 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-20 19:10 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-20 19:10 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-20 19:10 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-20 19:10 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-20 19:10 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-20 19:10 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-20 19:10 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-20 19:10 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-20 19:10 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-20 19:10 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-20 19:10 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-20 19:10 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-20 19:10 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-20 19:10 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-20 19:10 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-20 19:10 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-20 19:10 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-20 19:10 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-20 19:10 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-20 19:10 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-20 19:10 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-20 19:10 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-20 19:10 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-20 19:10 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-20 19:10 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-20 19:10 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-20 19:10 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-20 19:10 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-20 19:10 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-20 19:10 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-20 19:10 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-20 19:10 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-20 19:10 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-20 19:10 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-20 19:10 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-20 19:10 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-20 19:10 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-20 19:10 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-20 19:10 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-20 19:10 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-20 19:10 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-20 19:10 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-20 19:10 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-20 19:10 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-20 19:10 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-20 19:10 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-20 19:10 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-20 19:10 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-20 19:10 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-20 19:10 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-20 19:10 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-20 19:10 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-20 19:10 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-20 19:10 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-20 19:10 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-20 19:10 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-20 19:10 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-20 19:10 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-20 19:10 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-20 19:10 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-20 19:10 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-20 19:10 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-20 19:10 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-20 19:10 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-20 19:10 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-20 19:10 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-20 19:10 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-20 19:10 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-20 19:10 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-20 19:10 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-20 19:10 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-20 19:10 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-20 19:10 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-20 19:10 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-20 19:10 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-20 19:10 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-20 19:10 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-20 19:10 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-20 19:10 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-20 19:10 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-20 19:10 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-20 19:10 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-20 19:10 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-20 19:10 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-20 19:10 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-20 19:10 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-20 19:10 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-20 19:10 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-20 19:10 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-20 19:10 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-20 19:10 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-20 19:10 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-20 19:10 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-20 19:10 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-20 19:10 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-20 19:10 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-20 19:10 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-20 19:10 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-20 19:10 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-20 19:10 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-20 19:10 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-20 19:10 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-20 19:10 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-20 19:10 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-20 19:10 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-20 19:10 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-20 19:10 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-20 19:10 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-20 19:10 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-20 19:10 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-20 19:10 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-20 19:10 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-20 19:10 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-20 19:10 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-20 19:10 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-20 19:10 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-20 19:10 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-20 19:10 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-20 19:10 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-20 19:10 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-20 19:10 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-20 19:10 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-20 19:10 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-20 19:10 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-20 19:10 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-20 19:10 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-20 19:10 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-20 19:10 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-20 19:10 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-20 19:10 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-20 19:10 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-20 19:10 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-20 19:10 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-20 19:10 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-20 19:10 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-20 19:10 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-20 19:10 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-20 19:10 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-20 19:10 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-20 19:09 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-20 19:09 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-20 19:09 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-20 19:09 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-20 19:09 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-20 19:09 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-20 19:09 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-20 19:09 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-20 19:09 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-20 19:09 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-20 19:09 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-20 19:09 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-20 19:09 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-20 19:09 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-20 19:09 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-20 19:09 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-20 19:09 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-20 19:09 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-20 19:09 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-20 19:09 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-20 19:09 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-20 19:09 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-20 19:09 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-20 19:09 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-20 19:09 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-20 19:09 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-20 19:09 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-20 19:09 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-20 19:09 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-20 19:09 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-20 19:09 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-20 19:09 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-20 19:09 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-20 19:09 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-20 19:09 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-20 19:09 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-20 19:09 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-20 19:09 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-20 19:09 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-20 19:09 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-20 19:09 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-20 19:09 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-20 19:09 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-20 19:09 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-20 19:09 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-20 19:09 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-20 19:09 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-20 19:09 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-20 19:09 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-20 19:09 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-20 19:09 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-20 19:09 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-20 19:09 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-20 19:09 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-20 19:09 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-20 19:09 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-20 19:09 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-20 19:09 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-20 19:09 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-20 19:09 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-20 19:09 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-20 19:09 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-20 19:09 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-20 18:58 - 2016-06-20 18:58 - 03079168 _____ C:\Users\Brad\Downloads\Android Control.exe
2016-06-20 18:58 - 2016-06-20 18:58 - 03079168 _____ C:\Users\Brad\Downloads\Android Control (1).exe
2016-06-20 18:58 - 2016-06-20 18:58 - 03079168 _____ C:\Users\Brad\Desktop\Android Control.exe
2016-06-08 17:25 - 2016-06-08 17:26 - 00000000 ____D C:\Users\Brad\Desktop\ALL ERR FILES
2016-06-02 17:59 - 2016-06-02 17:59 - 00110023 _____ C:\Users\Brad\Downloads\Bradley Barker Resume.pdf
2016-06-02 15:57 - 2016-06-02 15:57 - 00189933 _____ C:\Users\Brad\Downloads\3-FAA 3330-43-1 CLE.pdf
2016-06-02 15:57 - 2016-06-02 15:57 - 00189933 _____ C:\Users\Brad\Downloads\3-FAA 3330-43-1 CLE (1).pdf
2016-05-31 19:19 - 2016-05-31 19:19 - 00324689 _____ C:\Users\Brad\Downloads\atspp_pay_table (5).xlsx
2016-05-31 19:19 - 2016-05-31 19:19 - 00324689 _____ C:\Users\Brad\Downloads\atspp_pay_table (4).xlsx
2016-05-29 17:36 - 2016-05-29 17:36 - 00333169 _____ C:\Users\Brad\Downloads\ERR package (1).zip
2016-05-29 10:36 - 2016-05-29 10:36 - 00478569 _____ C:\Users\Brad\Downloads\Nov. 4, 2015 - ERR_Release Policy MOU & SOP.pdf
2016-05-28 17:10 - 2016-05-28 17:10 - 00324689 _____ C:\Users\Brad\Downloads\atspp_pay_table (3).xlsx
2016-05-28 16:52 - 2016-05-28 16:52 - 00333169 _____ C:\Users\Brad\Downloads\ERR package.zip
2016-05-28 14:55 - 2016-05-28 14:55 - 01088236 _____ C:\Users\Brad\Downloads\draft_faa_3330-43-1_4-15_rev2 (1).pdf
2016-05-28 14:23 - 2016-05-28 14:23 - 00324689 _____ C:\Users\Brad\Downloads\atspp_pay_table (2).xlsx
2016-05-28 14:18 - 2016-05-28 14:18 - 00086016 _____ C:\Users\Brad\Downloads\faa3330_42.dot
2016-05-28 13:52 - 2016-05-28 13:52 - 00324689 _____ C:\Users\Brad\Downloads\atspp_pay_table (1).xlsx
2016-05-28 11:04 - 2016-05-28 11:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-05-28 11:03 - 2016-05-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-05-28 11:03 - 2016-05-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-05-28 11:03 - 2016-05-28 11:03 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-05-28 11:02 - 2016-05-28 11:02 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-05-28 11:02 - 2016-05-28 11:02 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2016-05-28 11:02 - 2016-05-28 11:02 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2016-05-28 11:02 - 2016-05-28 11:02 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-05-28 11:00 - 2016-05-28 11:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-05-28 10:59 - 2016-05-28 10:59 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-05-28 10:59 - 2016-05-28 10:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-05-28 10:58 - 2016-05-28 11:02 - 00000000 ____D C:\Program Files\Microsoft Office
2016-05-28 10:58 - 2016-05-28 10:58 - 00000000 __RHD C:\MSOCache
2016-05-28 10:58 - 2016-05-28 10:58 - 00000000 ____D C:\Users\Brad\AppData\Local\Microsoft Help
2016-05-28 10:58 - 2016-05-28 10:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-28 10:37 - 2016-05-28 10:37 - 01238645 _____ C:\Users\Brad\Downloads\aoo-pdf-import-0.1.0-windows-x86.oxt
2016-05-28 10:35 - 2016-05-28 10:53 - 00000000 ____D C:\Users\Brad\Downloads\Microsoft Office Professional Plus 2010
2016-05-28 10:34 - 2016-05-28 10:34 - 00116653 _____ C:\Users\Brad\Downloads\Microsoft+Office+Professional+Plus+2010.torrent
2016-05-28 10:32 - 2016-05-28 10:32 - 00022249 _____ C:\Users\Brad\Downloads\Brad Barker Resume for Piedmont Airlines.pdf
2016-05-28 10:25 - 2016-05-28 10:25 - 01088236 _____ C:\Users\Brad\Downloads\draft_faa_3330-43-1_4-15_rev2.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-23 23:01 - 2015-12-01 20:42 - 01009756 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-23 22:54 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-23 22:51 - 2015-05-04 10:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-23 22:47 - 2015-12-01 22:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-23 22:47 - 2015-12-01 20:39 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-23 22:46 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-23 22:18 - 2015-12-01 22:03 - 00000000 ____D C:\Users\Brad\AppData\Local\Packages
2016-06-23 22:18 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-23 22:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-23 20:43 - 2015-12-01 20:42 - 00000000 ____D C:\Users\Brad
2016-06-23 20:11 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-06-23 20:09 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-23 20:08 - 2016-04-08 11:40 - 00002052 ____R C:\Users\Public\Desktop\RеаlFlight G4.5 Lаunсhеr.lnk
2016-06-23 20:08 - 2016-04-03 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealFlight G4
2016-06-23 20:08 - 2016-04-03 19:38 - 00000000 ____D C:\Program Files (x86)\RealFlightG4
2016-06-23 20:08 - 2015-02-13 21:26 - 00002491 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-06-23 20:06 - 2015-02-13 20:49 - 00000000 ____D C:\Users\Brad\AppData\Local\Apps\2.0
2016-06-22 22:39 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-22 22:18 - 2015-12-01 20:36 - 04939248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-22 22:00 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-22 22:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-22 22:00 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-20 19:43 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-20 19:38 - 2015-02-13 21:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-20 19:32 - 2015-02-13 21:57 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-08 17:14 - 2015-05-30 21:00 - 00000000 ___RD C:\Users\Brad\Documents\Scanned Documents
2016-05-28 11:46 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-05-28 11:46 - 2015-02-16 17:23 - 00000000 ____D C:\Users\Brad\AppData\Roaming\uTorrent
2016-05-28 11:13 - 2016-04-03 19:09 - 00000000 ____D C:\Users\Brad\AppData\LocalLow\uTorrent
2016-05-28 11:03 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-05-28 11:02 - 2015-12-01 23:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-05-28 10:59 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-05-28 10:59 - 2009-07-13 22:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-05-28 10:21 - 2015-12-01 22:07 - 00002401 ____N C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-28 10:21 - 2015-12-01 22:07 - 00000000 ___RD C:\Users\Brad\OneDrive
2016-05-28 01:55 - 2015-12-01 20:39 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
 
==================== Files in the root of some directories =======
 
2016-06-23 20:07 - 2016-06-23 20:07 - 6867456 _____ () C:\Users\Brad\AppData\Roaming\agent.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 0069024 _____ () C:\Users\Brad\AppData\Roaming\Config.xml
2016-06-23 20:06 - 2016-06-23 20:06 - 0128512 _____ () C:\Users\Brad\AppData\Roaming\Installer.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 2279413 _____ () C:\Users\Brad\AppData\Roaming\Jayfind.bin
2016-06-23 20:07 - 2016-06-23 20:06 - 0964608 _____ () C:\Users\Brad\AppData\Roaming\Kaysing.exe
2016-06-23 20:07 - 2016-06-23 20:07 - 1759888 _____ () C:\Users\Brad\AppData\Roaming\Kaysing.tst
2016-06-23 20:07 - 2016-06-23 20:07 - 0018432 _____ () C:\Users\Brad\AppData\Roaming\Main.dat
2016-06-23 20:07 - 2016-06-23 20:07 - 0126464 _____ () C:\Users\Brad\AppData\Roaming\noah.dat
2016-06-23 20:08 - 2016-06-23 20:08 - 0032038 _____ () C:\Users\Brad\AppData\Roaming\uninstall_temp.ico
2016-06-23 20:07 - 2016-06-23 20:07 - 0848437 _____ () C:\Users\Brad\AppData\Roaming\Zertip.bin
2016-06-23 20:08 - 2016-06-23 20:08 - 0000003 _____ () C:\Users\Brad\AppData\Local\aatxtname.txt
2016-05-18 15:35 - 2016-05-18 15:35 - 0005120 _____ () C:\Users\Brad\AppData\Local\ddnow.exe
2016-05-18 15:36 - 2016-05-18 15:36 - 0005632 _____ () C:\Users\Brad\AppData\Local\ddnow4.exe
2016-06-23 22:49 - 2015-06-26 15:08 - 0294400 _____ (CodePlex Community) C:\Users\Brad\AppData\Local\Microsoft.Win32.TaskScheduler.dll
2016-03-18 01:00 - 2016-03-18 01:00 - 0000000 _____ () C:\Users\Brad\AppData\Local\ok223.txt
2016-06-23 20:08 - 2016-06-23 20:08 - 0590347 _____ () C:\Users\Brad\AppData\Local\setupone.exe
2016-05-12 15:44 - 2016-05-12 15:44 - 0007680 _____ () C:\Users\Brad\AppData\Local\tinstall.exe
2016-05-12 15:45 - 2016-05-12 15:45 - 0007680 _____ () C:\Users\Brad\AppData\Local\tinstall4.exe
2016-06-23 20:08 - 2016-06-23 20:08 - 0000000 _____ () C:\Users\Brad\AppData\Local\tr5b.txt
 
Some files in TEMP:
====================
C:\Users\Brad\AppData\Local\Temp\3A81.tmp.exe
C:\Users\Brad\AppData\Local\Temp\864.tmp.exe
C:\Users\Brad\AppData\Local\Temp\B6YHBU3XWT.exe
C:\Users\Brad\AppData\Local\Temp\CF62.tmp.exe
C:\Users\Brad\AppData\Local\Temp\compete.exe
C:\Users\Brad\AppData\Local\Temp\GDHNIVDEKF.exe
C:\Users\Brad\AppData\Local\Temp\InstallHelper.exe
C:\Users\Brad\AppData\Local\Temp\K4A4P11VF3.exe
C:\Users\Brad\AppData\Local\Temp\nsg9ECA.tmp.exe
C:\Users\Brad\AppData\Local\Temp\R1MB5Y6ZTK.exe
C:\Users\Brad\AppData\Local\Temp\reg_32.exe
C:\Users\Brad\AppData\Local\Temp\sdf589C.exe
C:\Users\Brad\AppData\Local\Temp\sdf5948.exe
C:\Users\Brad\AppData\Local\Temp\sdfBC24.exe
C:\Users\Brad\AppData\Local\Temp\Setup__2140_il33.exe
C:\Users\Brad\AppData\Local\Temp\ZBJ60X3CHE.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2016-04-14 18:40] - [2016-04-14 18:40] - 0686976 ____A (Microsoft Corporation) F5A0C88E9CBFC0D2BEB016426262F08D
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2016-04-14 18:40] - [2016-04-14 18:40] - 0535080 ____A (Microsoft Corporation) 15BF24339BC6AADDB8AE020D16E9FF3D
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-21 07:19
 
==================== End of FRST.txt ============================

And the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01

Ran by Brad (2016-06-23 23:05:27)
Running from C:\Users\Brad\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-02 02:03:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1061724313-1516444972-2292327885-500 - Administrator - Disabled)
Brad (S-1-5-21-1061724313-1516444972-2292327885-1000 - Administrator - Enabled) => C:\Users\Brad
DefaultAccount (S-1-5-21-1061724313-1516444972-2292327885-503 - Limited - Disabled)
Guest (S-1-5-21-1061724313-1516444972-2292327885-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1061724313-1516444972-2292327885-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
RealFlight G4 R/C Simulator (HKLM-x32\...\RealFlightG4Pro) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\GOGPACKRCT2_is1) (Version: 2.0.0.6 - GOG.com)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo) <==== ATTENTION
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brad\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brad\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07111DBC-584A-43AA-9D93-8FB70C6687D5} - \Trigger KMS Activation -> No File <==== ATTENTION
Task: {09FD7BB0-C03C-40E2-AAE6-7A6E43F0A70A} - \User_Feed_Synchronization-{F0DB4CB1-06EC-4B44-B817-B3107BA8FCF8} -> No File <==== ATTENTION
Task: {0BB51C1A-2C51-44C4-B4E3-E4C4DB45A19F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {213F928C-EEE6-4D85-8583-FB54C1458768} - \SMW_UpdateTask_Time_333634363139383738342d6c4a5a415b34322a2d6c345a -> No File <==== ATTENTION
Task: {22C72B7B-17D7-4A82-B33E-5CFC7DBCD6F3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-20] (Microsoft Corporation)
Task: {3141BA3D-0494-45C7-976D-E8D1ED2B61B9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {35E58AF0-5B9D-420E-B18B-24EE8F9C3371} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {38F2059B-2324-4F80-BC2C-55EE414702C7} - \{FE2E0D5C-2A3E-4CC9-9A02-E3DEF83599DE} -> No File <==== ATTENTION
Task: {404558BF-988C-4ACF-ABCB-02E6E0D59D29} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {41D7BC36-35C7-4594-9D64-47697584D9CD} - \bvyvbvyf -> No File <==== ATTENTION
Task: {438EBBC8-D247-4359-B313-B3A5EEAB8D82} - \Pa1044003710440037 -> No File <==== ATTENTION
Task: {47B81801-A58A-4872-BA68-4FB764D0FBAF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {53A553D7-0762-4610-9A70-D598BE9008B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5954A446-E60E-4284-8152-6CD0D989F4AB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {610E04CD-8550-4452-A5B6-209407B00C2D} - \VirusRemover -> No File <==== ATTENTION
Task: {6856AA0C-04C9-49AF-BD83-390576E248BF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6F55E302-509F-44F0-9962-4220CE2A36B0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {730B9D00-3EFB-436B-AB1C-22342F1CBEF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7A2B2356-BC35-4D5B-AA7D-052FF3BFAA35} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7A2F6459-AD40-4D5E-844D-2E77BCBCCC22} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {80CE7B60-2B0C-4E2C-9AB5-8BB92C29506E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8A6AED65-D370-46C7-9218-C1150DF3A52A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8C9D67F9-FBF5-4783-A37A-F39ACDD82E13} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8F328066-E040-4652-B526-2D79A015834D} - \10440037 -> No File <==== ATTENTION
Task: {8F7E59B9-B2D0-43B0-9B26-5F0D2272E269} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {985E8B9B-23FF-4AD0-AF1B-ACBD50384898} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9A6FC465-04FC-4E2A-888E-5AAA385BDAD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CCE3209-C199-47BE-822E-AFC27AD68A30} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9F99AE31-2CFA-43A5-90E5-6842E433DF23} - System32\Tasks\AdBlock => C:\Windows\AdBlock.exe [2016-06-21] (                                                            ) <==== ATTENTION
Task: {A0A54B5A-48B7-4C97-AED3-7D47DF2E0B4E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {A7105055-46F0-4DD1-8EB8-B4DB92B77C35} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A8751DEA-E7E4-4CEB-8B8C-E806ADD15519} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AC65EF3E-0197-45F7-A429-0B5B23B1B567} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B1B18EA0-F72D-4491-B328-4A73934C893A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BA0528E3-045C-4919-9286-E400701262E9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {BE9F00FD-EB87-4692-997D-7A4CABC69B04} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {BECC73FE-2F8B-4118-8F9A-70C55E11CBB7} - \{C5B8CD2F-2F44-4943-AA54-A64EC2123C00} -> No File <==== ATTENTION
Task: {BF6D9C90-3451-4BED-AD00-80A727238A1D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D5696AE9-65A2-4F17-80F8-F77F69C16C2A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D7B55828-1A25-41FA-A710-F34087F56948} - \AdobeAAMUpdater-1.0-Brad-PC-Brad -> No File <==== ATTENTION
Task: {DD3C6CD0-BDB2-4EE1-B2CF-37E0E21E202D} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {DD760188-3BFA-41AC-9430-4958FA0B80F8} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {DE8488E3-F286-4D99-B1D3-9A20419A101F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DFDD4498-4CCB-4731-AB51-63D113D12438} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {E4330FB3-EF10-469D-95DF-83AD2F29CB0F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {EA1B89AD-5682-42A5-B1F2-2D66694058A4} - \SMW_P -> No File <==== ATTENTION
Task: {F9BB8386-933D-43AA-8EBE-AF38F6844FC5} - \SecurityApps2 -> No File <==== ATTENTION
Task: {FB41DCE6-0642-4DC7-BFD4-6B99E9F0F3B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FF10D043-BD48-4BC8-AEB7-0AB4D889BFE4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt-Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sеаrсh (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epe&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
ShortcutWithArgument: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sеаrсh.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epe&s=G6Ozftptn095001BQ,9e90d772-22b2-49a1-83d7-a38e0ad8c3f8,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> hxxp://www%2dsearching.com/?prd=set_epc&s=G6Ozftpbl0cshmoAQ,429d1783-9bd1-470f-990d-cc4a7ecc6c20,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-07-23 05:02 - 2015-07-23 05:02 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-12-01 20:39 - 2015-07-22 21:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-23 20:07 - 2016-06-23 20:06 - 00964608 ____N () C:\ProgramData\Lamzap\Lamzap.exe
2016-06-23 20:06 - 2016-06-11 15:57 - 00012288 _____ () C:\WINDOWS\SysWOW64\CpuHeatMapping\16641\CpuHeatMapping.exe
2016-06-23 18:10 - 2016-06-23 20:09 - 00271360 _____ () C:\Program Files\Udutdy\Bedopudm.exe
2015-12-26 04:59 - 2015-12-26 04:59 - 00158720 ____N () C:\Users\Brad\AppData\Local\4C4C4544-1466713002-5410-8046-B8C04F535131\qnssFDCC.tmp
2016-06-23 20:03 - 2016-06-23 20:03 - 00244224 ____N () C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\jnsaA40C.tmp
2016-06-23 18:10 - 2016-06-23 20:09 - 00257536 ____N () C:\Program Files\Udutdy\Nidkaf.exe
2016-06-23 16:04 - 2016-06-23 16:04 - 00404992 _____ () C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\knsq8DBE.tmpfs
2016-06-23 22:34 - 2016-05-27 17:00 - 00007680 _____ () C:\WINDOWS\CpuEssentials\165271\CpuEssentials.exe
2016-06-23 18:10 - 2016-06-23 20:09 - 01682432 ____N () C:\Program Files\Udutdy\MiepDemf.exe
2016-06-23 20:03 - 2016-06-23 20:03 - 00138240 ____N () C:\Program Files (x86)\4C4C4544-1466726587-5410-8046-B8C04F535131\hnsiB9B8.tmp
2016-04-14 18:41 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-19 20:27 - 2016-04-19 20:28 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-14 18:41 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-23 18:10 - 2016-06-23 20:09 - 00426496 _____ () C:\Program Files\Udutdy\Diroghs64.DLL
2016-05-28 10:21 - 2016-05-28 10:21 - 00959168 _____ () C:\Users\Brad\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-06-23 18:10 - 2016-06-23 20:09 - 00707072 ____N () C:\Program Files\Udutdy\Mifehafn64.exe
2016-06-23 18:10 - 2016-06-23 20:09 - 00809472 _____ () C:\Program Files\Udutdy\Miercuat64.DLL
2016-06-23 18:10 - 2016-06-23 20:09 - 00437248 _____ () C:\Program Files\Udutdy\Baokei64.DLL
2016-06-23 18:10 - 2016-06-23 20:09 - 00447488 _____ () C:\Program Files\Udutdy\Pokisaj64.DLL
2015-12-17 14:44 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 16:37 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-20 19:10 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-20 19:10 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-20 19:10 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-20 19:10 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-31 13:04 - 2016-03-31 13:04 - 01399808 _____ () C:\Users\Brad\AppData\Roaming\cpuminer\cpm.exe
2016-06-23 20:07 - 2016-06-23 20:07 - 03630592 ____N () C:\Program Files (x86)\EasyHotspot\idsccom_W1Q.exe
2016-06-23 20:07 - 2016-06-23 20:07 - 03630592 ____N () C:\Program Files (x86)\mpck\wincom_DO7.exe
2016-06-23 20:08 - 2016-06-23 20:08 - 03630592 ____N () C:\Program Files (x86)\sunnyday\wincom_Q57.exe
2016-06-23 20:03 - 2016-06-23 20:03 - 00224768 _____ () C:\Program Files (x86)\FastWeb\fastweb.exe
2013-04-12 13:23 - 2013-04-12 13:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-04-19 20:27 - 2016-04-19 20:28 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 20:27 - 2016-04-19 20:28 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-04-26 09:57 - 2015-05-01 12:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-28 10:21 - 2016-05-28 10:21 - 00679624 _____ () C:\Users\Brad\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:3F30E778 [139]
AlternateDataStreams: C:\ProgramData\TEMP:69E87FA2 [116]
AlternateDataStreams: C:\ProgramData\TEMP:A9967A61 [133]
AlternateDataStreams: C:\ProgramData\TEMP:F4C624DE [123]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-06-23 20:01 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brad\Downloads\Airplane-wallpaper-152.jpg
HKU\S-1-5-21-1061724313-1516444972-2292327885-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Brad\Downloads\Airplane-wallpaper-152.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{4CA0DD86-FC58-4AA4-8A0E-38049E08451C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A9265390-1D36-4B39-A509-C32A29EE21F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2240E34B-C757-4071-91D5-668BDD09CFA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{00680DD6-93EC-4A12-A840-C6D76DA33293}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2FB86365-DDC3-4C56-8C80-E142E32FA3B9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5E05F36C-1D98-4A59-AF17-1C010D52741C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5A82CFA5-85EB-4279-A3DC-7D07B420DFA4}] => (Allow) C:\Users\Brad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{98571516-2521-48E9-8D61-C856B8328D45}] => (Allow) C:\Users\Brad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{1F601DD0-263F-4103-B003-1A7A7A168F5D}C:\program files (x86)\xxxchurch\x3watch\x3watch.exe] => (Allow) C:\program files (x86)\xxxchurch\x3watch\x3watch.exe
FirewallRules: [TCP Query User{250C089E-EBD0-4238-B6D6-58A3E9FB2638}C:\program files (x86)\xxxchurch\x3watch\x3watch.exe] => (Allow) C:\program files (x86)\xxxchurch\x3watch\x3watch.exe
FirewallRules: [{6799F6D2-8F0F-4FA1-8CEA-C982EF305D14}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{7E040A85-BFEB-4A1A-9A63-A95717D88072}D:\easysetupassistant\tl-wdr4300\easysetupassistant.exe] => (Allow) D:\easysetupassistant\tl-wdr4300\easysetupassistant.exe
FirewallRules: [UDP Query User{9BE3A37E-BA46-4AA8-9F16-B4101C8B6B60}D:\easysetupassistant\tl-wdr4300\easysetupassistant.exe] => (Allow) D:\easysetupassistant\tl-wdr4300\easysetupassistant.exe
FirewallRules: [TCP Query User{EA3175D0-6567-455D-BCBF-CB30793B20A1}C:\program files (x86)\xxxchurch\x3watch\x3watch.exe] => (Block) C:\program files (x86)\xxxchurch\x3watch\x3watch.exe
FirewallRules: [UDP Query User{614D2605-4277-4522-BD4A-AB547A59B2E5}C:\program files (x86)\xxxchurch\x3watch\x3watch.exe] => (Block) C:\program files (x86)\xxxchurch\x3watch\x3watch.exe
FirewallRules: [{61CADED7-5A20-48C4-B2A5-D92267635298}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3DA0AEB-712D-48BE-859E-280B7E5C409F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C58E874-B755-48EF-9FF6-5FCDB6976B8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3A720B5B-8473-4654-AEB2-CFDFB7A68AD9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4968B397-7189-4471-9FEA-57BE2C8380C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{38F1E029-00D2-4EBD-BF22-9A85C7D4DE75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E213E199-4180-4D2A-8390-90E34D404F12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9B46A147-CA68-484C-8201-63D60E17105D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4BAF7645-11C9-4C24-93FA-BD08A81BFF7A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E91464D6-3AC9-4A86-B32B-B426C0C5BFB0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A039FA95-0C1A-4DCC-9E41-6A72F88F80F7}] => (Allow) C:\Users\Brad\AppData\Local\ddnowyes.exe
FirewallRules: [{AEC1BAC3-8858-4E8D-8443-2AE42B91137B}] => (Allow) C:\Users\Brad\AppData\Local\Temp\nsxAE2C.tmp\setup.exe
FirewallRules: [{BA8FB75C-BD8F-4164-B818-8BC496BB5139}] => (Allow) C:\Users\Brad\AppData\Local\7878900.exe
FirewallRules: [{15F655A2-1FF4-4F33-A259-7A9DF90416D7}] => (Allow) C:\Users\Brad\AppData\Local\tinstall.exe
FirewallRules: [{81E665F6-EB9C-4281-A330-091FF05F6F86}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{0333D81D-FDA7-4BC4-B8F8-C6CC51877639}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
 
==================== Restore Points =========================
 
08-06-2016 11:35:34 Scheduled Checkpoint
20-06-2016 19:30:39 Windows Update
20-06-2016 19:31:36 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/23/2016 10:50:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SystemAlert.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
 
Exception Info: System.Data.SqlClient.SqlException
   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(System.Data.ProviderBase.DbConnectionPoolIdentity, System.Data.SqlClient.SqlConnectionString, System.Data.SqlClient.SqlCredential, System.Object, System.String, System.Security.SecureString, Boolean, System.Data.SqlClient.SqlConnectionString, System.Data.SqlClient.SessionData, System.Data.ProviderBase.DbConnectionPool, System.String, Boolean)
   at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(System.Data.Common.DbConnectionOptions, System.Data.Common.DbConnectionPoolKey, System.Object, System.Data.ProviderBase.DbConnectionPool, System.Data.Common.DbConnection, System.Data.Common.DbConnectionOptions)
   at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(System.Data.ProviderBase.DbConnectionPool, System.Data.Common.DbConnection, System.Data.Common.DbConnectionOptions, System.Data.Common.DbConnectionPoolKey, System.Data.Common.DbConnectionOptions)
   at System.Data.ProviderBase.DbConnectionPool.CreateObject(System.Data.Common.DbConnection, System.Data.Common.DbConnectionOptions, System.Data.ProviderBase.DbConnectionInternal)
   at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(System.Data.Common.DbConnection, System.Data.Common.DbConnectionOptions, System.Data.ProviderBase.DbConnectionInternal)
   at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(System.Data.Common.DbConnection, UInt32, Boolean, Boolean, System.Data.Common.DbConnectionOptions, System.Data.ProviderBase.DbConnectionInternal ByRef)
   at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(System.Data.Common.DbConnection, System.Threading.Tasks.TaskCompletionSource`1<System.Data.ProviderBase.DbConnectionInternal>, System.Data.Common.DbConnectionOptions, System.Data.ProviderBase.DbConnectionInternal ByRef)
   at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(System.Data.Common.DbConnection, System.Threading.Tasks.TaskCompletionSource`1<System.Data.ProviderBase.DbConnectionInternal>, System.Data.Common.DbConnectionOptions, System.Data.ProviderBase.DbConnectionInternal, System.Data.ProviderBase.DbConnectionInternal ByRef)
   at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(System.Data.Common.DbConnection, System.Data.ProviderBase.DbConnectionFactory, System.Threading.Tasks.TaskCompletionSource`1<System.Data.ProviderBase.DbConnectionInternal>, System.Data.Common.DbConnectionOptions)
   at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(System.Data.Common.DbConnection, System.Data.ProviderBase.DbConnectionFactory, System.Threading.Tasks.TaskCompletionSource`1<System.Data.ProviderBase.DbConnectionInternal>, System.Data.Common.DbConnectionOptions)
   at System.Data.SqlClient.SqlConnection.TryOpenInner(System.Threading.Tasks.TaskCompletionSource`1<System.Data.ProviderBase.DbConnectionInternal>)
   at System.Data.SqlClient.SqlConnection.TryOpen(System.Threading.Tasks.TaskCompletionSource`1<System.Data.ProviderBase.DbConnectionInternal>)
   at System.Data.SqlClient.SqlConnection.Open()
   at SystemAlert.Form1..ctor()
   at SystemAlert.Program.Main(System.String[])
 
Error: (06/23/2016 10:46:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2016 10:46:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2016 10:46:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2016 10:46:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2016 10:46:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2016 10:46:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2016 10:46:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2016 10:46:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/23/2016 10:46:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Brad-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (06/23/2016 10:47:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The backlh service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (06/23/2016 10:47:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the backlh service to connect.
 
Error: (06/23/2016 10:47:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ProntSpooler service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (06/23/2016 10:47:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ProntSpooler service to connect.
 
Error: (06/23/2016 10:47:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Newbov service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (06/23/2016 10:47:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Error: (06/23/2016 10:47:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gifzu service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (06/23/2016 10:46:44 PM) (Source: DCOM) (EventID: 10001) (User: Brad-PC)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca31App.AppX65azfy60a5wn91mcvdd3dr2y0wj02n39.mcaUnavailableUnavailable
 
Error: (06/23/2016 10:46:44 PM) (Source: DCOM) (EventID: 10010) (User: Brad-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
 
Error: (06/23/2016 10:46:44 PM) (Source: DCOM) (EventID: 10010) (User: Brad-PC)
Description: Microsoft.MicrosoftOfficeHub.AppXrqs94aemecwbtd1veqtvyn34m9ks80g7.mca
 
 
CodeIntegrity:
===================================
  Date: 2016-06-23 20:21:57.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-22 22:19:44.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-22 21:57:18.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-29 10:18:07.052
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-29 10:18:07.015
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-29 10:18:06.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-29 10:18:06.894
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-29 10:18:06.867
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-29 10:18:06.841
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-05-29 10:18:05.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 27%
Total physical RAM: 8086.16 MB
Available physical RAM: 5826.1 MB
Total Virtual: 9992.16 MB
Available Virtual: 7743.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.22 GB) (Free:378.32 GB) NTFS
Drive f: (USB DRIVE) (Removable) (Total:3.61 GB) (Free:3.1 GB) NTFS
Drive h: (RFV4_4) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A6415B24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 2 (Size: 3.6 GB) (Disk ID: 14369BD4)
Partition 1: (Active) - (Size=3.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
I don't expect to get it all on one try.  It's going to take multiple tries to get rid of MPC.
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   32.49KB   103 downloads
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

  • 0

#3
corn4ahead

corn4ahead

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts

Thanks for the quick response.

 

The files are all attached. 

 

Attached File  Fixlog.txt   72.6KB   87 downloads

 

Attached File  FRST.txt   49.17KB   66 downloads

 

Attached File  Addition.txt   23.59KB   69 downloads


Edited by corn4ahead, 24 June 2016 - 06:06 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
We did better than I expected.  MPC seems to be gone.  See if you can uninstall:
 
Search module 
 
If you can't, don't worry about it.
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   6.28KB   70 downloads
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Open an Elevated Command Prompt (See: http://www.eightforu...indows-8-a.html)
 
Type with an Enter after the line:
 

sfc /scannow

This will take about 15 minutes to complete.  If it says it couldn't fix everything then copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
In your Elevated Command Prompt right click and Paste (or Edit then Paste) and the two lines should appear.  Hit Enter if notepad does not open.  Copy and Paste the text from notepad to a Reply.
 
The infection messed with your shortcuts that start your browsers.  You may need to recreate them.  
You can Search for Chrome.exe  which should be in
 
"C:\Program Files (x86)\Google\Chrome\Application\Chrome.exe"
 
Internet Explorer = iexplore.exe
 
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
 
If you right click on a shortcut and select Properties then you can paste the appropriate full path (with quotes) into the box labeled Target:
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I'm going to be away from the PC today.  Back this evening.
     

    • 0

    #5
    corn4ahead

    corn4ahead

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 175 posts

    Here you go.

     

    Attached File  JRT.txt   961bytes   56 downloads

     

    Attached File  Fixlog.txt   7.45KB   78 downloads

     

    Attached File  FRST.txt   48.75KB   66 downloads

     

    Attached File  Addition.txt   22.84KB   57 downloads

     

    Attached File  AdwCleanerC1.txt   6.12KB   67 downloads

     

    Attached File  AdwCleanerS1.txt   7.33KB   67 downloads


    Edited by corn4ahead, 24 June 2016 - 03:10 PM.

    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    Did you do the sfc /scannow?

     

    FRST is showing these two files that it doesn't like and SFC should fix them:

     

    C:\WINDOWS\system32\dnsapi.dll
    [2016-04-14 18:40] - [2016-04-14 18:40] - 0686976 ____A (Microsoft Corporation) F5A0C88E9CBFC0D2BEB016426262F08D
     
    C:\WINDOWS\SysWOW64\dnsapi.dll
    [2016-04-14 18:40] - [2016-04-14 18:40] - 0535080 ____A (Microsoft Corporation) 15BF24339BC6AADDB8AE020D16E9FF3D
     
     
    I can't seem to do anything about removing these:
     
    Shortcut: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt-Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
    Shortcut: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sеаrсh (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Brad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sеаrсh.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
     
     
    I have removed the .bat files so they won't do anything so they are harmless.
     

    Name: 
    Description: 
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
     
     

     

     

    We can fix this if you want:
     
    Search for
     
    device manager
    and hit Enter
     
    This should bring up a new window.  Then View, Show Hidden Drivers.  Now look for yellow flagged devices.  Right click on one and select Properties, then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one, then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.
     
    Your logs look pretty clean now.  Hopefully no more popups.  How is it running?  Did we break anything?
     
     

    • 0
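The shortcut entries listed in the post above pair a browser-looking name with a .bat target. As an added example (not from the thread and not part of FRST), this triages FRST `Shortcut:` lines for that pattern and for names that mix Latin letters with look-alike letters from another script. The sample lines are constructed with explicit Cyrillic escapes, on the assumption that the names in the log use such look-alikes, and the confusables table is a small illustrative subset.

```python
import re
import unicodedata
from pathlib import PureWindowsPath

# FRST shortcut line: "Shortcut: <path>.lnk -> <target> [(No File)]"
SHORTCUT_RE = re.compile(
    r"^Shortcut:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?)"
    r"(?P<missing>\s+\(No File\))?\s*$"
)

# Script-type targets that a browser shortcut should never point at.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}

# Assumption: a small Cyrillic -> Latin look-alike table, enough for this
# illustration; it is not the full Unicode confusables data set.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041d": "H",
    "\u041a": "K", "\u041c": "M", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0422": "T", "\u0425": "X",
}


def scripts_in(text):
    """Scripts used by the letters of text (first word of the Unicode name)."""
    return {
        unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0]
        for ch in text
        if ch.isalpha()
    }


def skeleton(text):
    """Map known look-alikes to Latin so the analyst sees what a user sees."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def analyse_shortcut(line):
    """Return findings for one FRST Shortcut: line, or None for other lines."""
    m = SHORTCUT_RE.match(line.strip())
    if not m:
        return None
    lnk = PureWindowsPath(m.group("lnk"))
    target = PureWindowsPath(m.group("target"))
    findings = []
    scripts = scripts_in(lnk.stem)
    if len(scripts) > 1:  # a name written wholly in one script is not flagged
        findings.append(
            "mixed-script name (%s), reads as '%s'"
            % ("+".join(sorted(scripts)), skeleton(lnk.stem))
        )
    if target.suffix.lower() in SCRIPT_EXTS:
        findings.append("target is a script (%s)" % target.suffix.lower())
    if m.group("missing"):
        findings.append("target file no longer exists")
    return {"lnk": str(lnk), "target": str(target), "findings": findings}


def triage(lines):
    """Keep only shortcut lines that produced at least one finding."""
    results = (analyse_shortcut(line) for line in lines)
    return [r for r in results if r and r["findings"]]


# Constructed sample input modelled on the log lines quoted in the thread.
SAMPLE = [
    "Shortcut: C:\\Users\\Brad\\AppData\\Roaming\\Microsoft\\Internet Explorer"
    "\\Quick Launch\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk -> "
    "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.bat (No File)",
    "Shortcut: C:\\Users\\Brad\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
    "\\Programs\\Accessories\\Int\u0435rn\u0435t \u0415\u0445pl\u043er\u0435r.lnk"
    " -> C:\\Program Files\\Internet Explorer\\iexplore.bat (No File)",
    # Constructed clean control: plain Latin name, .exe target.
    "Shortcut: C:\\Users\\Brad\\Desktop\\Google Chrome.lnk -> "
    "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["lnk"].encode("unicode_escape").decode("ascii"))
        for finding in hit["findings"]:
            print("   -", finding)
```

Printing the shortcut path with `unicode_escape` makes the non-Latin letters visible, which is the quickest way to confirm why a shortcut that looks correctly named is not the one the browser installed.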

    #7
    corn4ahead

    corn4ahead

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 175 posts
    I did do the sfc /scannow.

    You said only to copy and paste those two lines if it said it wasn't fixed. I got no error like that so I just closed the command prompt and moved on to the ADW Cleaner step.

    The computer seems mostly better but I think it's slightly sluggish.
    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

    • 0

    #9
    corn4ahead

    corn4ahead

      Member

    • Topic Starter
    • Member
    • 175 posts

    There was only one flagged device labeled "Unknown Device". Here is the copied and pasted result of that:

    ACPI\VEN_SMO&DEV_8800

    Here is the result of the other scan.

    Should I rerun the sfc /scannow?

    Thanks again.


    • 0

    #11
    corn4ahead

    corn4ahead

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 175 posts

    Accidental double post.


    Edited by corn4ahead, 25 June 2016 - 09:13 AM.

    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    ACPI\VEN_SMO&DEV_8800 is ST Microelectronics DE351DLTR Motion Sensor

     

    There is a driver for Win 7 at http://www.dell.com/...leId=2731098126

     

    It might work.

     

    I don't see the Process Explorer log.

     

    If SFC was happy then the two files should be OK now.  Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post Addition.txt.


    • 0

    #13
    corn4ahead

    corn4ahead

      Member

    • Topic Starter
    • Member
    • 175 posts

    Sorry I must have accidentally deleted it when I was editing my post. Here is the log.

     

    Attached File  System Idle Process.txt   8KB   54 downloads

     

     

     

     

     

    I downloaded the driver and it said it unzipped successfully, however, when the application went to run it said it was incompatible with Windows 10.

     

    https://support.micr...10-app-not-work


    Edited by corn4ahead, 25 June 2016 - 10:57 AM.

    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    Process Explorer looks good.  Nothing hogging the CPU.  Let's try Speccy:

     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
    Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)

    • 0

    #15
    corn4ahead

    corn4ahead

      Member

    • Topic Starter
    • Member
    • 175 posts

    Speccy Results

     

    Attached File  Speccy Results.txt   99.49KB   106 downloads

     

    The PC does seem to be running more normally now.


    Edited by corn4ahead, 25 June 2016 - 01:23 PM.

    • 0





