2016-07-03, 01:49
There are four processes that seemed to not die. They are idscservice, otutnetwork (both have a description saying twKn5bN), 68496b5b42bd7bff78bd3ccd22c9de6.exe and 7103a1b11f7c51f8446972d11fc2010d.exe (both have blank descriptions). Can someone help me get these evil zombies dead?

This week I have had many very odd things happen to my PC. Let's start with the first odd thing: all of a sudden my computer rebooted on its own, and when it returned it was asking for the authentication code and would not let me continue until I called the 1-888 number, which I would not, knowing it was a fake. So I moved my mouse around and found a very, very little tab which opened up a cmd screen, so I somehow decided to run explorer.exe and POW, I got control of my computer again.
So my computer worked fine for 2 days and then I got the BSOD, which was also fake (please examine the attachment), and again I could not get out of this either. However, when I pressed the Windows key I noticed I could see my desktop taskbar for only seconds, but I could use the mouse to click shutdown. The screen would say these programs need to be forced closed. It happened that one is called "SecurityApps2". I found out the only way to remove this was to boot into Safe Mode, search for this program and then delete it. When I rebooted I was good to go.

Now, besides the two processes above, all my browsers (Chrome, IE, Firefox) show the following URL as my default on all three:
and some crap keeps popping up. The last thing that is popping up is a Setup wizard; any program in front gets this wizard screen.


Thank you.

My file Addition.txt is too big for the attachment.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by David Jordan (administrator) on DAVIDJORDAN-PC (02-07-2016 16:36:47)
Running from C:\Users\David Jordan\Searches
Loaded Profiles: David Jordan (Available Profiles: David Jordan)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\046bcef5b4d38720c351415c266490e5\7102a1b11f7c51f8446972d11fc2010d.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\jnst9503.tmp
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\knsk613E.tmp
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\hnsdB0AF.tmp
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\046bcef5b4d38720c351415c266490e5\68496b5b42bd7bfff78bd3ccd22c9de6.exe
() C:\Program Files\046bcef5b4d38720c351415c266490e5\7102a1b11f7c51f8446972d11fc2010d.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\David Jordan\AppData\Local\Temp\ocrF5D2.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\David Jordan\AppData\Local\Temp\ocr8F5.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Users\David Jordan\AppData\Local\03AA02FC-1467475073-0575-2306-520700080009\qnsx12B.tmp
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [DeskBar] => C:\Program Files (x86)\Blue Labs, LLC\DeskBar\DeskBar.exe [163560 2015-06-08] (Blue Labs, LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\SpaceSoundPro\idscservice.exe [562176 2016-06-27] (twKn5b)
HKLM\...\RunOnce: [OTUTPRODUCT_PMGZD] => C:\Program Files (x86)\mpck\otutnetwork.exe [563200 2016-06-27] (twKn5b)
HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\Update\activate.exe [ ] () <=== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [1943552 2016-06-23] ()
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\...\Winlogon: [Shell] C:\Program Files (x86)\Update\activate.exe <==== ATTENTION
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{0B09071B-E607-494E-AAC4-0BE21A0E0422}: [DhcpNameServer]
Tcpip\..\Interfaces\{86E8E652-8DD5-4160-8B4E-2BB87D754345}: [NameServer]
Tcpip\..\Interfaces\{86E8E652-8DD5-4160-8B4E-2BB87D754345}: [DhcpNameServer]
Tcpip\..\Interfaces\{B3A9ADA4-D9EA-4FED-850C-C7648A29994E}: [DhcpNameServer]

Internet Explorer:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_gmmedply_15_42&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FtD0BtDzytDyBtC0B0CyDtByEtN0D0Tzu0StCtAzzyCtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDyB0E0Czz0FtAtBtGyE0FyDzytG0ByC0DyDtGtB0D0CtBtGyD0AyDzytA0AtB0D0Ezy0B0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Ezz0EyCyEtByBtGyCyE0FyCtGyEzztDyEtGzz0A0BtDtGzz0FyBtAtB0DyEyDyCyC0Dzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D1578239634%26a%3Dwbf_gmmedply_15_42%26os%3DWindows%2B7%2BProfessional
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1402068237-2833657262-1091988779-1000 -> DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-1402068237-2833657262-1091988779-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D062615-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1402068237-2833657262-1091988779-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1402068237-2833657262-1091988779-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-28] (Oracle Corporation)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FF ProfilePath: C:\Users\David Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\re29rzj9.default
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Google Default
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,
FF Keyword.URL: hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version= -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-05-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version= -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-05-07] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF user.js: detected! => C:\Users\David Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\re29rzj9.default\user.js [2016-06-28]
FF SearchPlugin: C:\Users\David Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\re29rzj9.default\searchplugins\google-default.xml [2015-06-30]
FF SearchPlugin: C:\Users\David Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\re29rzj9.default\searchplugins\search-provided-by-yahoo.xml [2015-10-18]
FF SearchPlugin: C:\Users\David Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\re29rzj9.default\searchplugins\smod.xml [2016-06-28]
FF Extension: Pin It button - C:\Users\David Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\re29rzj9.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-02-25]

CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-28]
CHR Extension: (Google Docs) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Google Sheets) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-28]
CHR Extension: (Google Docs Offline) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-18]
CHR Extension: (Google Hangouts) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-06-27]
CHR Extension: (Google Hangouts) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-18]
CHR Extension: (Gmail) - C:\Users\David Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 Cadbhtubji; C:\Users\David Jordan\AppData\Roaming\Helmawki\Helmawki.exe [170496 2016-06-27] () [File not signed]
R2 dowidoly; C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\jnst9503.tmp [244224 2016-06-27] () [File not signed]
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-03-25] ()
S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S4 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
R2 petiwyruzbt; C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\knsk613E.tmp [259072 2016-07-01] () [File not signed]
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095440 2016-05-07] (RealNetworks, Inc.)
R2 rijufoze; C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\hnsdB0AF.tmp [138240 2016-06-27] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-06-08] ()
S4 Shell&ServicesEngine; C:\Program Files\Shell&ServicesEngine\Shell&ServicesEngine.exe [16384 2015-04-09] () [File not signed] <==== ATTENTION
S4 Shell&ServicesEngine_updater_service; C:\Program Files\Shell&ServicesEngine\Shell&ServicesEngine_updater_service.exe [12288 2015-04-10] () [File not signed] <==== ATTENTION
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3107328 2016-06-28] (Search Module Ltd.) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [905672 2016-06-22] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-06-22] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-06-22] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [356352 2015-09-23] (Wondershare) [File not signed]
R2 zigipyro; C:\Users\David Jordan\AppData\Local\03AA02FC-1467475073-0575-2306-520700080009\qnsx12B.tmp [158720 2015-12-26] () [File not signed]
R2 61c5966b9ef447a28a6330374619a0c4; "C:\Program Files\046bcef5b4d38720c351415c266490e5\7102a1b11f7c51f8446972d11fc2010d.exe" [X]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
S4 Podgaiii; "C:\Users\David Jordan\AppData\Roaming\UpepbaVen\Firasi.exe" -cms [X]
S4 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileGo-b\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 BLKWGDv8x64; C:\Windows\System32\DRIVERS\BLKWGDv8x64.sys [386344 2006-11-17] (Belkin)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-06-28] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-03-29] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-06-28] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
R2 WinDivert64; C:\Windows\system32\drivers\WinDivert64.sys [35376 2013-12-02] (Basil Projects)
R1 358a01c549f21034afaf3271e87726cf; system32\DRIVERS\358a01c549f21034afaf3271e87726cf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-02 16:31 - 2016-07-02 16:36 - 00000000 ____D C:\FRST
2016-07-02 16:30 - 2016-07-02 16:30 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DAVIDJORDAN-PC-Windows-7-Professional-(64-bit).dat
2016-07-02 16:30 - 2016-07-02 16:30 - 00000000 ____D C:\RegBackup
2016-07-02 16:29 - 2016-07-02 16:29 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-07-02 16:29 - 2016-07-02 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-07-02 16:29 - 2016-07-02 16:29 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-07-02 16:28 - 2016-07-02 16:29 - 00018009 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-07-02 16:24 - 2016-07-02 16:25 - 05523840 _____ (Tweaking.com) C:\Users\David Jordan\Downloads\tweaking.com_registry_backup_setup.exe
2016-07-02 15:57 - 2016-07-02 15:58 - 00000000 ____D C:\Users\David Jordan\AppData\Local\03AA02FC-1467475073-0575-2306-520700080009
2016-07-01 20:30 - 2016-07-01 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear
2016-06-30 21:29 - 2016-07-01 20:55 - 00001695 _____ C:\Users\David Jordan\Desktop\spybot.txt
2016-06-30 20:55 - 2016-07-01 04:14 - 00581212 _____ C:\Windows\ntbtlog.txt
2016-06-30 20:50 - 2016-06-30 20:50 - 00000000 ____D C:\Program Files (x86)\Securid
2016-06-30 20:40 - 2016-06-30 20:40 - 00107906 _____ C:\Users\David Jordan\Documents\Vehicle RegistrationDavid.pdf
2016-06-29 20:09 - 2016-06-27 21:18 - 00000182 _____ C:\Windows\system32\Drivers\etc\hosts.20160629-200938.backup
2016-06-29 17:44 - 2016-06-29 17:44 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-29 17:44 - 2016-06-29 17:44 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-29 17:44 - 2016-06-29 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-29 17:44 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-06-29 17:42 - 2016-06-29 17:42 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\David Jordan\Downloads\spybot-2.4.exe
2016-06-28 18:58 - 2016-06-28 18:58 - 00003364 _____ C:\Windows\System32\Tasks\IBUpd2
2016-06-28 18:57 - 2016-06-28 19:51 - 00000000 ____D C:\Users\David Jordan\AppData\Local\BrowserAir
2016-06-28 18:57 - 2016-06-28 18:57 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2016-06-28 18:56 - 2016-06-28 18:56 - 00512000 _____ C:\ProgramData\smp2.exe
2016-06-28 18:56 - 2016-06-28 18:56 - 00004280 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333133363833323237322d3437415a556c2a3223346c41
2016-06-28 18:56 - 2016-06-28 18:56 - 00004186 _____ C:\Windows\System32\Tasks\SMW_P
2016-06-28 18:56 - 2016-06-28 18:56 - 00000000 ____D C:\ProgramData\SearchModule
2016-06-28 18:56 - 2016-06-28 18:56 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2016-06-28 18:10 - 2016-06-28 18:10 - 00003044 _____ C:\Windows\System32\Tasks\ttwifi
2016-06-28 18:10 - 2016-06-28 18:10 - 00002940 _____ C:\Windows\System32\Tasks\osTip
2016-06-28 18:10 - 2016-06-28 18:10 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-06-28 17:26 - 2016-06-28 17:26 - 00000000 ____D C:\Users\David Jordan\AppData\LocalLow03862268
2016-06-28 17:26 - 2016-06-28 17:26 - 00000000 ____D C:\Users\David Jordan\AppData\LocalLow000000000374E1E8
2016-06-28 11:50 - 2016-06-28 11:50 - 01047552 _____ C:\Windows\system32\bi3.exe
2016-06-28 06:04 - 2016-06-28 06:04 - 00000000 ____D C:\Users\David Jordan\AppData\LocalLow00747758
2016-06-28 06:03 - 2016-06-28 06:03 - 00000000 ____D C:\Users\David Jordan\AppData\LocalLow00000000004CF4F8
2016-06-28 05:28 - 2016-06-28 05:28 - 00000000 ____D C:\Windows\system32\nhco
2016-06-28 04:59 - 2016-06-28 04:59 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\Helmawki
2016-06-28 04:59 - 2016-06-28 04:59 - 00000000 ____D C:\Users\David Jordan\AppData\LocalLow\Company
2016-06-28 04:59 - 2016-06-28 04:59 - 00000000 ____D C:\Users\David Jordan\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-06-28 04:59 - 2016-06-28 04:59 - 00000000 ____D C:\Users\David Jordan\AppData\Local\Tempfolder
2016-06-28 04:59 - 2016-06-28 04:59 - 00000000 ____D C:\uninst
2016-06-27 21:51 - 2016-06-27 22:12 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-06-27 21:51 - 2016-06-27 22:05 - 00000000 ____D C:\Program Files (x86)\elansurfer
2016-06-27 21:51 - 2016-06-27 22:02 - 00000000 ____D C:\Program Files (x86)\mpck
2016-06-27 21:51 - 2016-06-27 21:51 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2016-06-27 21:37 - 2016-06-27 22:02 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\SynciOS Data Transfer
2016-06-27 21:37 - 2016-06-27 21:49 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\Syncios
2016-06-27 21:37 - 2016-06-27 21:37 - 00000000 ____D C:\Users\David Jordan\Documents\Syncios
2016-06-27 21:35 - 2016-06-27 22:05 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-06-27 21:20 - 2016-06-27 21:20 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-06-27 21:20 - 2016-06-27 21:18 - 00000182 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-06-27 21:19 - 2016-07-01 21:59 - 00000000 ____D C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009
2016-06-27 21:17 - 2016-06-27 22:06 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-06-27 21:17 - 2016-06-27 21:17 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\csdimedia
2016-06-27 21:17 - 2016-06-27 21:17 - 00000000 ____D C:\Program Files\Caster
2016-06-27 16:04 - 2016-06-28 04:59 - 00082240 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-06-25 22:27 - 2016-06-25 22:28 - 00001908 _____ C:\Windows\diagwrn.xml
2016-06-25 22:27 - 2016-06-25 22:28 - 00001908 _____ C:\Windows\diagerr.xml
2016-06-25 16:45 - 2016-06-25 16:50 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\HandBrake
2016-06-25 16:42 - 2016-06-25 16:42 - 00000824 _____ C:\Users\David Jordan\Desktop\Handbrake.lnk
2016-06-25 16:42 - 2016-06-25 16:42 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-06-25 16:42 - 2016-06-25 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-06-25 16:42 - 2016-06-25 16:42 - 00000000 ____D C:\Program Files\Handbrake
2016-06-14 21:11 - 2016-06-14 21:11 - 00000672 _____ C:\Users\David Jordan\Desktop\TLC requirments.txt
2016-06-11 00:24 - 2016-06-11 12:07 - 00000000 ____D C:\Users\David Jordan\Desktop\Burges Graduation
2016-06-09 17:39 - 2016-07-02 15:53 - 00000332 _____ C:\Windows\Tasks\iToolsDaemon.job
2016-06-09 17:39 - 2016-06-27 17:08 - 00003332 _____ C:\Windows\System32\Tasks\iToolsDaemon
2016-06-09 17:39 - 2016-06-09 17:39 - 00000000 ____D C:\ProgramData\ThinkSky
2016-06-09 17:39 - 2016-06-09 17:39 - 00000000 ____D C:\Program Files (x86)\ThinkSky
2016-06-08 20:54 - 2016-06-08 20:54 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-08 20:54 - 2016-06-08 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-08 20:54 - 2016-06-08 20:54 - 00000000 ____D C:\Program Files\iTunes
2016-06-08 20:54 - 2016-06-08 20:54 - 00000000 ____D C:\Program Files\iPod
2016-06-08 18:23 - 2016-06-08 18:23 - 00000843 _____ C:\Users\Public\Desktop\Free Editor.lnk
2016-06-08 18:23 - 2016-06-08 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Editor
2016-06-08 18:23 - 2016-06-08 18:23 - 00000000 ____D C:\Program Files\Free Editor
2016-06-08 18:10 - 2016-06-08 18:10 - 00000000 ____D C:\Users\David Jordan\AppData\Local\Blue_Labs,_LLC
2016-06-08 18:10 - 2016-06-08 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskBar
2016-06-08 18:10 - 2016-06-08 18:10 - 00000000 ____D C:\Program Files (x86)\Blue Labs, LLC
2016-06-08 18:04 - 2016-06-08 18:10 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\BlueLabsSoftware
2016-06-08 16:56 - 2016-07-01 22:11 - 00000000 ____D C:\Users\David Jordan\AppData\LocalLow\uTorrent
2016-06-06 21:14 - 2016-06-06 21:14 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\mt_temp
2016-06-06 19:07 - 2016-04-11 19:23 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-06 19:07 - 2016-04-11 19:23 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-06 19:07 - 2016-04-11 19:20 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-06 19:07 - 2016-04-11 19:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-06 19:07 - 2016-04-11 19:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-06 19:07 - 2016-04-11 19:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-06 19:07 - 2016-04-11 19:01 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-06 19:07 - 2016-04-11 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-06 19:07 - 2016-04-11 18:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-06 19:07 - 2016-04-11 18:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-06 19:07 - 2016-04-11 18:43 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-06 19:07 - 2016-04-11 18:43 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-06 19:07 - 2016-04-11 18:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-06 19:07 - 2016-04-11 18:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-06 19:07 - 2016-04-11 18:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-06 19:07 - 2016-03-09 13:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-06 19:07 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-06 19:07 - 2016-03-09 12:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-06 19:07 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-06 19:06 - 2016-04-09 00:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-06 19:06 - 2016-04-09 00:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-06 19:06 - 2016-04-09 00:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-06 19:06 - 2016-04-09 00:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-06 19:06 - 2016-04-08 23:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-06 19:06 - 2016-04-08 23:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-06 19:05 - 2016-04-14 10:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-06 19:05 - 2016-04-14 10:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-06 19:05 - 2016-04-14 10:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-06 19:05 - 2016-04-14 10:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-06 19:05 - 2016-04-14 10:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-06 19:05 - 2016-04-14 10:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-06 19:05 - 2016-04-14 09:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-06 19:05 - 2016-04-14 09:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-06 19:05 - 2016-04-14 09:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-06 19:05 - 2016-04-14 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-06 19:05 - 2016-04-14 09:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-06 19:05 - 2016-04-14 09:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-05 15:55 - 2016-04-23 11:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-05 15:55 - 2016-04-23 10:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-05 15:55 - 2016-04-22 23:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-05 15:55 - 2016-04-22 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-05 15:55 - 2016-04-22 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-05 15:55 - 2016-04-22 23:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-05 15:55 - 2016-04-22 23:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-05 15:55 - 2016-04-22 23:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-05 15:55 - 2016-04-22 23:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-05 15:55 - 2016-04-22 23:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-05 15:55 - 2016-04-22 23:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-05 15:55 - 2016-04-22 22:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-05 15:55 - 2016-04-22 22:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-05 15:55 - 2016-04-22 22:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-05 15:55 - 2016-04-22 22:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-05 15:55 - 2016-04-22 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-05 15:55 - 2016-04-22 22:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-05 15:55 - 2016-04-22 22:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-05 15:55 - 2016-04-22 22:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-05 15:55 - 2016-04-22 22:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-05 15:55 - 2016-04-22 22:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-05 15:55 - 2016-04-22 22:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-05 15:55 - 2016-04-22 22:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-05 15:55 - 2016-04-22 22:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-05 15:55 - 2016-04-22 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-05 15:55 - 2016-04-22 22:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-05 15:55 - 2016-04-22 22:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-05 15:55 - 2016-04-22 22:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-05 15:55 - 2016-04-22 22:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-05 15:55 - 2016-04-22 22:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-05 15:55 - 2016-04-22 22:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-05 15:55 - 2016-04-22 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-05 15:55 - 2016-04-22 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-05 15:55 - 2016-04-22 22:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-05 15:55 - 2016-04-22 22:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-05 15:55 - 2016-04-22 22:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-05 15:55 - 2016-04-22 22:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-05 15:55 - 2016-04-22 22:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-05 15:55 - 2016-04-22 22:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-05 15:55 - 2016-04-22 22:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-05 15:55 - 2016-04-22 22:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-05 15:55 - 2016-04-22 22:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-05 15:55 - 2016-04-22 22:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-05 15:55 - 2016-04-22 21:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-05 15:55 - 2016-04-22 21:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-05 15:55 - 2016-04-22 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-05 15:55 - 2016-04-22 21:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-05 15:55 - 2016-04-22 21:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-05 15:55 - 2016-04-22 21:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-05 15:55 - 2016-04-22 21:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-05 15:55 - 2016-04-22 21:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-05 15:55 - 2016-04-22 21:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-05 15:55 - 2016-04-22 21:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-05 15:55 - 2016-04-22 21:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-05 15:55 - 2016-04-22 21:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-05 15:55 - 2016-04-22 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-05 15:55 - 2016-04-22 21:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-05 15:55 - 2016-04-22 21:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-05 15:55 - 2016-04-22 21:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-05 15:55 - 2016-04-22 21:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-05 15:55 - 2016-04-22 21:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-05 15:55 - 2016-04-22 21:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-05 15:55 - 2016-04-22 21:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-05 15:55 - 2016-04-22 21:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-05 15:55 - 2016-04-22 21:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-05 15:55 - 2016-04-22 21:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-05 15:55 - 2016-04-14 07:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-06-05 15:55 - 2016-04-14 07:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-06-05 15:55 - 2016-04-09 01:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-05 15:55 - 2016-04-09 01:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-06-05 15:55 - 2016-04-09 00:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-05 15:55 - 2016-04-09 00:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-05 15:55 - 2016-04-09 00:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-06-05 15:55 - 2016-04-09 00:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-05 15:55 - 2016-04-09 00:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-05 15:55 - 2016-04-08 23:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-05 15:55 - 2016-04-06 09:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-06-05 15:55 - 2016-03-09 12:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-06-05 15:55 - 2016-03-09 12:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-06-05 15:53 - 2016-04-09 01:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-06-05 15:53 - 2016-04-09 01:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-05 15:53 - 2016-04-09 01:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-06-05 15:53 - 2016-04-09 00:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-06-05 15:53 - 2016-04-09 00:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-06-05 15:53 - 2016-04-09 00:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-06-05 15:53 - 2016-04-09 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-06-05 15:53 - 2016-04-09 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-06-05 15:53 - 2016-04-09 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-06-05 15:53 - 2016-04-09 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-06-05 15:53 - 2016-04-09 00:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-06-05 15:53 - 2016-04-09 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-06-05 15:53 - 2016-04-09 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-05 15:53 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-05 15:53 - 2016-04-08 23:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-06-05 15:53 - 2016-04-08 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-06-05 15:53 - 2016-04-08 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-06-05 15:53 - 2016-04-08 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-06-05 15:53 - 2016-04-08 23:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-06-05 15:53 - 2016-04-08 23:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-06-05 15:53 - 2016-04-08 23:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-06-05 15:53 - 2016-04-08 23:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-06-05 15:53 - 2016-04-08 23:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-06-05 15:53 - 2016-04-08 23:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-06-05 15:53 - 2016-04-08 23:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-05 15:53 - 2016-04-08 23:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-05 15:53 - 2016-04-08 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-05 15:53 - 2016-04-08 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-05 15:53 - 2016-04-08 22:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-06-05 15:53 - 2016-04-08 21:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-02 16:31 - 2009-07-13 22:45 - 00023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-02 16:31 - 2009-07-13 22:45 - 00023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-02 16:15 - 2015-04-18 10:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-02 15:45 - 2015-03-28 14:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-02 15:37 - 2015-04-09 22:45 - 00000000 ____D C:\Users\David Jordan\AppData\Local\Adobe
2016-07-02 15:37 - 2015-03-28 14:55 - 00001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-02 15:37 - 2015-03-28 14:54 - 00002391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-02 15:37 - 2015-03-28 14:32 - 00001613 _____ C:\Users\David Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-02 15:26 - 2015-03-28 14:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-02 15:25 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-01 23:41 - 2015-04-30 21:48 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\uTorrent
2016-07-01 22:11 - 2015-05-18 21:26 - 00000000 ____D C:\Users\David Jordan\Downloads\TorDownloads
2016-06-30 20:57 - 2016-03-25 13:33 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-06-30 20:55 - 2016-03-25 13:22 - 00000000 ____D C:\Program Files\TrueKey
2016-06-30 20:30 - 2016-04-01 18:01 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-06-29 21:24 - 2015-04-12 15:45 - 00000000 ____D C:\Users\David Jordan\AppData\Local\Newsbin
2016-06-29 17:52 - 2015-09-26 21:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-29 17:48 - 2016-03-25 13:33 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-29 17:48 - 2015-09-26 21:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-29 05:11 - 2015-04-09 16:13 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\vlc
2016-06-28 20:03 - 2015-06-07 20:20 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-28 19:48 - 2015-05-18 17:22 - 00000000 ____D C:\Users\David Jordan\.android
2016-06-28 19:48 - 2015-05-18 17:22 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-06-28 17:54 - 2015-03-28 14:48 - 00000000 ____D C:\Users\David Jordan\AppData\Local\ElevatedDiagnostics
2016-06-28 06:12 - 2015-03-28 15:38 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\DNSAPI.dll
2016-06-27 21:13 - 2015-10-03 06:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-27 21:13 - 2015-08-08 12:53 - 00001219 _____ C:\Users\David Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-06-26 21:40 - 2015-04-12 15:46 - 00000000 ____D C:\Users\David Jordan\Documents\Newsbin
2016-06-25 16:24 - 2015-07-27 22:09 - 00000000 ____D C:\Program Files (x86)\WinAVI
2016-06-24 20:32 - 2009-07-13 23:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-24 20:32 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-06-16 20:44 - 2015-04-09 16:11 - 00001213 _____ C:\Users\David Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-06-15 14:40 - 2010-11-20 21:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-12 14:10 - 2009-07-13 23:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-11 12:06 - 2015-03-28 14:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-11 01:16 - 2016-04-26 17:55 - 00000128 _____ C:\Users\David Jordan\Desktop\JordanYearbookPacemaker.txt
2016-06-11 00:01 - 2015-04-18 10:54 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-11 00:01 - 2015-04-18 10:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-11 00:01 - 2015-04-18 10:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-09 20:56 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-06-08 20:54 - 2016-04-25 17:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-08 20:54 - 2015-08-08 17:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-08 05:19 - 2015-04-09 22:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-06-08 05:16 - 2015-04-22 04:33 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-06-05 17:16 - 2009-07-13 22:45 - 05046312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-05 17:11 - 2015-04-19 06:56 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-05 17:11 - 2015-04-13 02:29 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-05 17:11 - 2015-04-13 02:29 - 00000000 ___SD C:\Windows\system32\GWX
2016-06-05 17:11 - 2011-04-12 02:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-05 16:25 - 2015-03-28 15:58 - 00000000 ____D C:\Windows\system32\MRT
2016-06-05 16:15 - 2015-03-28 15:58 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-05 13:05 - 2015-05-11 23:17 - 00000000 ____D C:\Users\David Jordan\AppData\Roaming\Apple Computer
2016-06-04 13:14 - 2015-04-25 22:57 - 00000000 ____D C:\Program Files (x86)\Replay Video Capture 7
2016-06-03 18:41 - 2015-06-05 22:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-10-18 17:17 - 2015-10-18 17:17 - 0000045 _____ () C:\Users\David Jordan\AppData\Roaming\WB.CFG
2015-06-05 21:06 - 2015-06-05 21:06 - 182572124 _____ () C:\Users\David Jordan\AppData\Local\ACCCx3_0_1_88.zip.aamdownload
2015-06-05 21:06 - 2015-06-05 21:06 - 0002109 _____ () C:\Users\David Jordan\AppData\Local\ACCCx3_0_1_88.zip.aamdownload.aamd
2015-12-09 20:36 - 2015-12-09 20:36 - 0003584 _____ () C:\Users\David Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-22 23:39 - 2015-11-22 23:39 - 0968939 _____ () C:\Users\David Jordan\AppData\Local\ISO-Burner_667.rar
2015-12-01 21:41 - 2015-11-22 23:39 - 1020214 _____ (Program ) C:\Users\David Jordan\AppData\Local\isoburner_setup.exe
2015-10-08 20:57 - 2015-10-08 20:57 - 0007606 _____ () C:\Users\David Jordan\AppData\Local\Resmon.ResmonCfg
2015-10-24 11:21 - 2015-10-24 11:21 - 0000000 _____ () C:\Users\David Jordan\AppData\Local\{77BAF9F0-60ED-457F-9A6C-1F087CE20B53}
2016-04-13 17:27 - 2016-04-13 17:29 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-06-28 18:56 - 2016-06-28 18:56 - 0512000 _____ () C:\ProgramData\smp2.exe

Files to move or delete:

Some files in TEMP:
C:\Users\David Jordan\AppData\Local\Temp\314D.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\3AB2.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\4CD8.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\6836.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\7D1D.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\8E03.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\99D0.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\9CDC.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\9DF9.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\A16.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\BDE2.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\C3EB.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\C44D.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\C67A.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\CBC7.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\fsd4308.exe
C:\Users\David Jordan\AppData\Local\Temp\fsd62F7.exe
C:\Users\David Jordan\AppData\Local\Temp\fsdF2B7.exe
C:\Users\David Jordan\AppData\Local\Temp\kernel32.dll
C:\Users\David Jordan\AppData\Local\Temp\ose00000.exe
C:\Users\David Jordan\AppData\Local\Temp\Syncios.exe
C:\Users\David Jordan\AppData\Local\Temp\SynciosDeviceService.exe
C:\Users\David Jordan\AppData\Local\Temp\_is2165.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2016-06-27 05:56

==================== End of FRST.txt ============================

2016-07-03, 15:54
Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
Click on Browse, and upload the following file for analysis:

C:\Users\David Jordan\AppData\Roaming\Helmawki\Helmawki.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Next please have these files scanned
C:\Users\David Jordan\AppData\Roaming\UpepbaVen\Firasi.exe

Please post the links to these scanned files in your next reply.


Click on the Start button and then select Control Panel.
For Windows Vista, Windows 7, Windows 8, and Windows 10 double-click on the Uninstall Program option.
When the Add or Remove Programs or the Uninstall Program screen is displayed, please scroll through the list of programs and double-click on each of the entries listed in bold below to uninstall them. (If Found)

Search Module Plus

We'll continue with the information posted from the FRST log, but I will also need to see the results from the Addition.txt soon, which can be copied and pasted in like the FRST log when first run.


Running from C:\Users\David Jordan\Searches

It's best we move Farbar's to desktop.

Please go to your David Jordan\Searches folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


HKLM\...\RunOnce: [OTUTPRODUCT_PMGZD] => C:\Program Files (x86)\mpck\otutnetwork.exe [563200 2016-06-27] (twKn5b)
HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\Update\activate.exe [ ] () <=== ATTENTION
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [1943552 2016-06-23] ()
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\...\Winlogon: [Shell] C:\Program Files (x86)\Update\activate.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_gmmedply_15_42&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0F0FtD0BtDzytDyBtC0B0CyDtByEtN0D0Tzu0StCtAzzyCtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDyB0E0Czz0FtAtBtGyE0FyDzytG0ByC0DyDtGtB0D0CtBtGyD0AyDzytA0AtB0D0Ezy0B0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0Ezz0EyCyEtByBtGyCyE0FyCtGyEzztDyEtGzz0A0BtDtGzz0FyBtAtB0DyEyDyCyC0Dzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D1578239634%26a%3Dwbf_gmmedply_15_42%26os%3DWindows%2B7%2BProfessional
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1402068237-2833657262-1091988779-1000 -> DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-1402068237-2833657262-1091988779-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D062615-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1402068237-2833657262-1091988779-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,
FF Keyword.URL: hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=g6szftptn095001ar,ea8470f0-bd3e-4e2a-82f5-0912af97db17,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
S4 Shell&ServicesEngine; C:\Program Files\Shell&ServicesEngine\Shell&ServicesEngine.exe [16384 2015-04-09] () [File not signed] <==== ATTENTION
S4 Shell&ServicesEngine_updater_service; C:\Program Files\Shell&ServicesEngine\Shell&ServicesEngine_updater_service.exe [12288 2015-04-10] () [File not signed] <==== ATTENTION
C:\Program Files\Shell&ServicesEngine\Shell&ServicesEngine.exe
C:\Program Files\Shell&ServicesEngine\Shell&ServicesEngine_updater_service.exe
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3107328 2016-06-28] (Search Module Ltd.) [File not signed]
C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
R2 petiwyruzbt; C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\knsk613E.tmp [259072 2016-07-01] () [File not signed]
R2 rijufoze; C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\hnsdB0AF.tmp [138240 2016-06-27] () [File not signed]
C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\hnsdB0AF.tmp
C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\knsk613E.tmp
R2 zigipyro; C:\Users\David Jordan\AppData\Local\03AA02FC-1467475073-0575-2306-520700080009\qnsx12B.tmp [158720 2015-12-26] () [File not signed]
C:\Users\David Jordan\AppData\Local\03AA02FC-1467475073-0575-2306-520700080009\qnsx12B.tmp
R2 61c5966b9ef447a28a6330374619a0c4; "C:\Program Files\046bcef5b4d38720c351415c266490e5\7102a1b11f7c51f8446972d11fc2010d.exe" [X]
C:\Program Files\046bcef5b4d38720c351415c266490e5\7102a1b11f7c51f8446972d11fc2010d.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear
2016-06-28 18:56 - 2016-06-28 18:56 - 00004186 _____ C:\Windows\System32\Tasks\SMW_P
C:\Program Files\Common Files\Noobzo
C:\Program Files (x86)\CleanBrowser
C:\Program Files (x86)\elansurfer
C:\Users\David Jordan\AppData\Local\Temp\314D.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\3AB2.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\4CD8.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\6836.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\7D1D.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\8E03.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\99D0.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\9CDC.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\9DF9.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\A16.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\BDE2.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\C3EB.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\C44D.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\C67A.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\CBC7.tmp.exe
C:\Users\David Jordan\AppData\Local\Temp\fsd4308.exe
C:\Users\David Jordan\AppData\Local\Temp\fsd62F7.exe
C:\Users\David Jordan\AppData\Local\Temp\fsdF2B7.exe
C:\Users\David Jordan\AppData\Local\Temp\kernel32.dll
C:\Users\David Jordan\AppData\Local\Temp\ose00000.exe
C:\Users\David Jordan\AppData\Local\Temp\Syncios.exe
C:\Users\David Jordan\AppData\Local\Temp\SynciosDeviceService.exe
C:\Users\David Jordan\AppData\Local\Temp\_is2165.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php)

Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.

On the Dashboard click on Update Now

Go to the Settings Tab

Under Settings go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.


AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

Please post:
links to files scanned
MalwareBytes log
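
Added example (not part of the thread, and not FRST's own code): a small Python triage of FRST-format lines taken from the fixlist above, showing which markers make each entry stand out. The line grammar is inferred from the lines on this page; the function names and reason strings are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules, regardless of the host OS

# Constructed sample: six lines copied from the fixlist on this page.
SAMPLE = r"""
HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\Update\activate.exe [ ] () <=== ATTENTION
HKU\S-1-5-21-1402068237-2833657262-1091988779-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [1943552 2016-06-23] ()
S4 Shell&ServicesEngine; C:\Program Files\Shell&ServicesEngine\Shell&ServicesEngine.exe [16384 2015-04-09] () [File not signed] <==== ATTENTION
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3107328 2016-06-28] (Search Module Ltd.) [File not signed]
R2 petiwyruzbt; C:\Program Files (x86)\03AA02FC-1467083992-0575-2306-520700080009\knsk613E.tmp [259072 2016-07-01] () [File not signed]
R2 61c5966b9ef447a28a6330374619a0c4; "C:\Program Files\046bcef5b4d38720c351415c266490e5\7102a1b11f7c51f8446972d11fc2010d.exe" [X]
""".strip().splitlines()

# Service line: <state><start type> <name>; <path> [size date] (company) [flags]
SERVICE = re.compile(r'^[RSU][0-5] (?P<name>[^;]+); (?P<rest>.*)$')
# Registry line: <key>: [<value name>] (=> )<path> [size date] (company)
REGVAL = re.compile(r'^(?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?:=> )?(?P<rest>.*)$')

def triage_line(line):
    """Return (kind, name, path, reasons) for one line, or None if unrecognised."""
    svc, reg = SERVICE.match(line), REGVAL.match(line)
    m = svc or reg
    if not m:
        return None
    rest = m["rest"]
    path = rest.split(" [", 1)[0].strip('"')   # path ends where the [size date] field starts
    reasons = []
    if "[File not signed]" in rest:
        reasons.append("unsigned")
    if "[X]" in rest:                          # FRST's marker for a file it could not find
        reasons.append("file missing")
    if "()" in rest:                           # company-name field is empty
        reasons.append("no company name")
    if svc and path.lower().endswith(".tmp"):
        reasons.append("service binary is a .tmp file")
    if svc and re.fullmatch(r"[0-9a-f]{32}", m["name"]):
        reasons.append("hex-string service name")
    if (reg and m["key"].endswith("\\Winlogon") and m["name"] == "Shell"
            and basename(path).lower() != "explorer.exe"):
        reasons.append("Winlogon Shell is not explorer.exe")
    return ("service" if svc else "registry", m["name"], path, reasons)

def triage(lines):
    """Triage every recognised line; unrecognised lines (CMD:, bare paths) are skipped."""
    return [r for r in map(triage_line, lines) if r]

if __name__ == "__main__":
    for kind, name, path, reasons in triage(SAMPLE):
        print(f"{kind:8} {name:34} {', '.join(reasons) or '-'}")
```
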

2016-07-05, 20:42
Still need help?

2016-07-09, 21:36
Due to the lack of feedback this Topic is closed.