Malware ad.afy11.net/sbx1.afy11.net


  • This topic is locked
6 replies to this topic

#1 melbb

Posted 10 September 2015 - 11:39 AM

Yesterday I was updating some programs to run my weekly adware/spyware scans, and when I updated Malwarebytes they offered a 30-day trial of their paid program. Today I am getting bombarded with popups from Malwarebytes about blocking ad.afy11.net and sbx1.afy11.net. I am using Chrome. Thanks for your help. Here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015
Ran by Melanie (administrator) on BEEBE-PC (10-09-2015 12:08:35)
Running from C:\Users\Melanie\Desktop
Loaded Profiles: Melanie (Available Profiles: Melanie & Kirk & Audrey)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Melanie\AppData\Local\Google\Chrome\Application\chrome..exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(North Star com.) C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
(EuroSmartz Ltd) C:\Program Files (x86)\WePrint\WePrint Server.exe
(Google Inc.) C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\PDFViewer\PdfPro7Hook.exe
(Dell Inc.) C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Users\Melanie\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Users\Melanie\Downloads\AdwCleaner.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [289600 2011-02-14] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1370624 2010-08-06] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-07-04] (Apple Inc.)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Dell Printers\PaperPort\pptd40nt.exe [38848 2011-11-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Dell Printers\PaperPort\IndexSearch.exe [51136 2011-11-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Dell Printers\PDFViewer\pdfpro7hook.exe [607632 2012-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [LauncherC1765nf] => C:\Program Files (x86)\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-02-06] (Dell Inc.)
HKLM-x32\...\Run: [StatusAutoRunC1765nf] => C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3850216 2013-02-06] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-27] (Oracle Corporation)
HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\Run: [Google Update] => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-12-21]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Frame.lnk [2011-04-15]
ShortcutTarget: Photo Frame.lnk -> C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe (North Star com.)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk [2011-12-21]
ShortcutTarget: WePrint Server.lnk -> C:\Program Files (x86)\WePrint\WePrint Server.exe (EuroSmartz Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2752660347-3678198734-3739959177-1002\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{5DC984CC-C48F-4665-80BE-72F1EAAF915D}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7FA5CE72-E3D2-4BBF-80D2-29218E6A8715}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=MAGW
HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Dell Printers\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
 
FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\on536ews.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-11-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Dell Printers\PDFViewer\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2752660347-3678198734-3739959177-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2752660347-3678198734-3739959177-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Extension: Flashblock - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\on536ews.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-07-19]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
StartMenuInternet: Google Chrome - C:\Users\Melanie\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"BFE" => service could not be unlocked. <===== ATTENTION
 
U2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5531008 2015-08-19] (Emsisoft Ltd)
U2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-04] (Apple Inc.)
U2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-09] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
U3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-11-18] (Creative Labs) [File not signed]
U3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-11-18] (Creative Labs) [File not signed]
U2 DLNBDB; C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [244712 2013-02-06] ()
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
U3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
U2 NMSAccess; C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe [45056 2005-12-07] () [File not signed]
U2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-02-14] (NTI Corporation)
U2 PDFProFiltSrvPP; C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe [219536 2012-06-21] (Nuance Communications, Inc.)
U2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-04] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-04] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-04] (COMODO)
U3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [138504 2015-08-06] (Emsisoft GmbH)
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-04] (COMODO)
U3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
U3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-10] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
U5 BFE;  <===== ATTENTION: Locked Service
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-10 12:08 - 2015-09-10 12:09 - 00021268 _____ C:\Users\Melanie\Desktop\FRST.txt
2015-09-10 12:08 - 2015-09-10 12:08 - 00000000 ____D C:\FRST
2015-09-10 12:06 - 2015-09-10 12:06 - 01660416 _____ C:\Users\Melanie\Downloads\AdwCleaner (1).exe
2015-09-10 11:40 - 2015-09-10 11:40 - 02190848 _____ (Farbar) C:\Users\Melanie\Desktop\FRST64.exe
2015-09-10 11:26 - 2015-09-10 11:26 - 00004244 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-2752660347-3678198734-3739959177-1000
2015-09-10 11:26 - 2015-09-10 11:26 - 00003306 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-2752660347-3678198734-3739959177-1000
2015-09-10 11:26 - 2015-09-10 11:26 - 00001113 _____ C:\Users\Melanie\Desktop\Avast Browser Cleanup.lnk
2015-09-10 11:26 - 2015-09-10 11:26 - 00000000 ____D C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2015-09-10 11:26 - 2015-09-10 11:26 - 00000000 ____D C:\Users\Melanie\AppData\Roaming\AVAST Software
2015-09-10 09:07 - 2015-09-10 12:07 - 00000000 ____D C:\AdwCleaner
2015-09-10 08:06 - 2015-09-10 08:06 - 03824464 _____ (AVAST Software) C:\Users\Melanie\Downloads\avast-browser-cleanup-sfx.exe
2015-09-10 08:06 - 2015-09-10 08:06 - 01660416 _____ C:\Users\Melanie\Downloads\AdwCleaner.exe
2015-09-10 07:57 - 2015-09-10 07:57 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Melanie\Downloads\SpyHunter-Installer.exe
2015-09-09 02:30 - 2015-09-09 02:30 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 02:30 - 2015-09-09 02:30 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 02:30 - 2015-09-09 02:30 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 02:30 - 2015-09-09 02:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 02:29 - 2015-09-09 02:29 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 02:29 - 2015-09-09 02:29 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 02:29 - 2015-08-15 02:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 02:29 - 2015-08-15 02:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 02:29 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 02:29 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 02:28 - 2015-09-09 02:28 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-09 02:27 - 2015-09-09 02:27 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 02:27 - 2015-09-09 02:27 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 02:27 - 2015-09-09 02:27 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 02:27 - 2015-09-09 02:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 02:25 - 2015-09-09 02:25 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 02:25 - 2015-09-09 02:25 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 02:25 - 2015-09-09 02:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 02:25 - 2015-09-09 02:25 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 02:24 - 2015-09-09 02:24 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 02:24 - 2015-09-09 02:24 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 02:24 - 2015-09-09 02:24 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 02:24 - 2015-09-09 02:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 02:24 - 2015-09-09 02:24 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-07 12:22 - 2015-09-07 12:23 - 00078704 _____ C:\Users\Audrey\Downloads\Hamsterrific-0.2.0.jar.zip
2015-09-07 12:11 - 2015-09-07 12:11 - 07068869 _____ C:\Users\Audrey\Downloads\1.7.10-zeldaswordskills-2.2.8b.jar
2015-09-07 12:07 - 2015-09-07 12:07 - 07312645 _____ C:\Users\Audrey\Downloads\1.8-zeldaswordskills-3.0.3b.jar
2015-09-07 12:05 - 2015-09-07 12:07 - 00000000 ____D C:\Users\Audrey\Desktop\1.8mods
2015-09-07 12:04 - 2015-09-07 09:49 - 00413842 _____ C:\Users\Audrey\Downloads\SpiderQueenReborn-1.7.10-1.2.2-universal.jar
2015-09-07 11:56 - 2015-09-07 11:56 - 00237809 _____ C:\Users\Audrey\Downloads\stillhungry-1.7.2-2.1.1.jar
2015-09-07 09:56 - 2015-09-07 09:56 - 00093547 _____ C:\Users\Audrey\Downloads\RadixCore-1.7.10-1.3.4-universal.jar
2015-09-07 09:49 - 2015-09-07 12:24 - 00000000 ____D C:\Users\Audrey\Desktop\1.7.10 mods
2015-09-06 18:26 - 2015-09-06 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-06 18:26 - 2015-09-06 18:26 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-08-28 11:43 - 2015-08-28 11:43 - 00000000 ____D C:\Users\Kirk\AppData\Roaming\Sun
2015-08-28 11:43 - 2015-08-28 11:43 - 00000000 ____D C:\Users\Kirk\.oracle_jre_usage
2015-08-28 11:43 - 2015-08-28 11:43 - 00000000 ____D C:\Users\Audrey\AppData\Roaming\Sun
2015-08-28 11:43 - 2015-08-28 11:43 - 00000000 ____D C:\Users\Audrey\.oracle_jre_usage
2015-08-27 12:05 - 2015-08-27 12:05 - 00000000 ____D C:\Users\Melanie\AppData\Roaming\Sun
2015-08-27 12:05 - 2015-08-27 12:05 - 00000000 ____D C:\Users\Melanie\.oracle_jre_usage
2015-08-22 15:09 - 2015-09-03 11:43 - 00000000 ____D C:\Users\Kirk\AppData\Local\CrashDumps
2015-08-22 14:46 - 2015-08-22 14:46 - 03807291 _____ C:\Users\Kirk\Downloads\TrueMass Complex Lipid Platform Overview 7-15-15.pptx
2015-08-22 11:06 - 2015-08-22 11:06 - 00272229 _____ C:\Users\Kirk\Desktop\shutterstock_267230051.eps
2015-08-19 20:45 - 2015-08-19 20:45 - 00000358 _____ C:\Users\Melanie\Downloads\s-pm-regional-rate-boxes.csv
2015-08-19 19:54 - 2015-09-05 21:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-15 10:31 - 2015-08-15 10:31 - 00001760 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-15 10:31 - 2015-08-15 10:31 - 00001760 _____ C:\ProgramData\Desktop\iTunes.lnk
2015-08-15 10:31 - 2015-08-15 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-15 10:31 - 2015-08-15 10:31 - 00000000 ____D C:\Program Files\iTunes
2015-08-15 10:31 - 2015-08-15 10:31 - 00000000 ____D C:\Program Files\iPod
2015-08-15 10:31 - 2015-08-15 10:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-13 03:28 - 2015-08-13 03:28 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:28 - 2015-08-13 03:28 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 07:10 - 2015-08-12 07:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 07:10 - 2015-08-12 07:10 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 07:10 - 2015-08-12 07:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 07:06 - 2015-08-12 07:06 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 07:06 - 2015-08-12 07:06 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 07:06 - 2015-08-12 07:06 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 07:06 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-10 12:08 - 2015-01-25 18:43 - 00006208 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-09-10 12:07 - 2015-01-25 15:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-10 12:04 - 2011-12-21 19:01 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-09-10 12:03 - 2011-12-21 17:58 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-09-10 12:00 - 2011-12-21 16:38 - 00000402 _____ C:\Windows\Tasks\Gateway Registration - Data Sending task.job
2015-09-10 11:55 - 2011-12-22 09:43 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA.job
2015-09-10 11:54 - 2015-01-25 14:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-10 11:46 - 2009-07-14 01:13 - 00899964 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 11:34 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-10 11:34 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-10 11:28 - 2011-11-18 05:56 - 01489436 _____ C:\Windows\WindowsUpdate.log
2015-09-10 11:25 - 2013-11-04 00:35 - 00000000 ____D C:\Users\Melanie\Documents\WePrint
2015-09-10 11:24 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-10 11:24 - 2009-07-14 00:51 - 00059248 _____ C:\Windows\setupact.log
2015-09-10 07:57 - 2011-04-15 05:37 - 00000000 ____D C:\ProgramData\Temp
2015-09-10 07:45 - 2011-12-21 17:58 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-09-09 19:55 - 2011-12-22 09:43 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core.job
2015-09-09 10:01 - 2015-07-16 18:54 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-09 10:01 - 2015-01-25 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-09 10:01 - 2015-01-25 14:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-09 10:01 - 2013-11-04 00:07 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-09 10:01 - 2013-11-04 00:07 - 00001113 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-09 04:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 03:43 - 2009-07-14 00:45 - 00304808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 03:40 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 03:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 03:23 - 2013-11-04 00:54 - 00000000 ____D C:\Windows\system32\MRT
2015-09-09 03:08 - 2011-12-21 18:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-08 18:09 - 2015-03-31 17:40 - 00000000 ____D C:\Users\Audrey\AppData\Local\CrashDumps
2015-09-07 12:43 - 2015-05-16 11:56 - 00000000 ____D C:\Users\Audrey\AppData\Roaming\.minecraft
2015-09-06 18:26 - 2015-03-30 07:20 - 00001941 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-06 18:26 - 2015-03-30 07:20 - 00001941 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2015-09-05 21:56 - 2011-12-22 09:44 - 00002409 _____ C:\Users\Melanie\Desktop\Google Chrome.lnk
2015-09-05 21:46 - 2013-11-03 23:57 - 00000000 ___RD C:\Users\Melanie\Desktop\New Photo Uploads
2015-09-05 21:38 - 2011-12-22 09:12 - 00000000 ____D C:\Users\Melanie\AppData\Local\CrashDumps
2015-09-05 21:37 - 2015-05-16 11:43 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-09-05 21:35 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-05 21:32 - 2015-01-26 12:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-05 21:32 - 2010-11-20 23:47 - 00464040 _____ C:\Windows\PFRO.log
2015-09-05 21:28 - 2015-02-02 12:31 - 00014975 _____ C:\Users\Melanie\Desktop\Melanie Labs.xlsx
2015-09-03 07:52 - 2011-12-19 19:58 - 00579408 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-09-03 07:52 - 2011-12-19 19:58 - 00445472 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-09-01 22:52 - 2013-11-04 00:11 - 00000000 ____D C:\Users\Melanie\Documents\Ebay
2015-08-30 08:27 - 2015-08-04 18:05 - 00000000 ____D C:\Users\Melanie\Documents\thyroid stuff
2015-08-28 11:43 - 2013-11-03 23:41 - 00000000 ____D C:\Users\Audrey
2015-08-28 11:43 - 2011-12-22 08:51 - 00000000 ____D C:\Users\Kirk
2015-08-27 20:20 - 2015-05-16 13:25 - 00000000 ____D C:\ProgramData\Oracle
2015-08-27 19:50 - 2011-12-22 09:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA
2015-08-27 19:50 - 2011-12-22 09:43 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core
2015-08-27 12:08 - 2015-05-16 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-27 12:08 - 2015-05-16 13:25 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 12:05 - 2011-12-21 16:35 - 00000000 ____D C:\Users\Melanie
2015-08-27 12:03 - 2015-05-16 13:26 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-26 18:37 - 2013-11-04 00:54 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 20:25 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-22 12:12 - 2015-05-30 13:31 - 00000000 ____D C:\Users\Kirk\AppData\Local\Windows Live
2015-08-21 18:04 - 2013-11-04 00:35 - 00000000 ____D C:\Users\Melanie\Documents\RECIPES
2015-08-15 10:31 - 2011-12-22 10:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-13 03:48 - 2013-11-04 01:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:48 - 2013-11-04 01:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:46 - 2015-06-05 07:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 03:46 - 2015-06-05 07:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 03:28 - 2013-11-04 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 08:07 - 2015-01-25 15:07 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 08:07 - 2015-01-25 15:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 08:07 - 2015-01-25 15:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
Files to move or delete:
====================
C:\Users\Melanie\dummy1.dat
 
 
Some files in TEMP:
====================
C:\Users\Audrey\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Kirk\AppData\Local\Temp\cct.dll
C:\Users\Kirk\AppData\Local\Temp\JavaIC.dll
C:\Users\Kirk\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Kirk\AppData\Local\Temp\msscct32.dll
C:\Users\Kirk\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Melanie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Melanie\AppData\Local\Temp\ose00000.exe
C:\Users\Melanie\AppData\Local\Temp\sqlite3.dll
C:\Users\Melanie\AppData\Local\Temp\{970182BD-F80F-45E0-9849-7A85D2E3B1E5}vsscomproxy.dll
C:\Users\Melanie\AppData\Local\Temp\{CA2773D3-F04A-41E5-99A4-673688611876}vsscomproxy64.dll
C:\Users\Melanie\AppData\Local\Temp\{D642A643-8BAE-46CC-9791-2B9E0030D439}vsscom.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-05 22:42
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015
Ran by Melanie (2015-09-10 12:10:35)
Running from C:\Users\Melanie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-21 20:35:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2752660347-3678198734-3739959177-500 - Administrator - Disabled)
Audrey (S-1-5-21-2752660347-3678198734-3739959177-1002 - Administrator - Enabled) => C:\Users\Audrey
Guest (S-1-5-21-2752660347-3678198734-3739959177-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2752660347-3678198734-3739959177-1004 - Limited - Enabled)
Kirk (S-1-5-21-2752660347-3678198734-3739959177-1001 - Administrator - Enabled) => C:\Users\Kirk
Melanie (S-1-5-21-2752660347-3678198734-3739959177-1000 - Administrator - Enabled) => C:\Users\Melanie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis True Image Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{112F562D-96D7-13A7-762F-AFDB7A7B4F5E}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Browser Cleanup (HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.2.83 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cheetah DVD Burner (HKLM-x32\...\{563E2BC8-A0CA-4A81-9DD2-897BB326C679}) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 15.0 - COMODO)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.9.23255.2196 - COMODO Security Solutions Inc.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1421_35790 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell C1765 Color MFP (HKLM-x32\...\InstallShield_{6ADD1CA2-0A4C-47DF-B9E3-B0363FB7515B}) (Version: 1.021.0 - Dell Inc.)
Dell C1765 Color MFP (x32 Version: 1.021.0 - Dell Inc.) Hidden
Dell Printer Driver Updater (x32 Version: 1.006.00 - Dell) Hidden
Dell Printer Driver Updater (x32 Version: 1.018.00 - Dell) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.0 - Emsi Software GmbH)
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.2.83 - NTI Corporation)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Google Chrome (HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nuance PaperPort 14 (HKLM-x32\...\{848ABE9C-B7AA-4064-809F-7F38616918FF}) (Version: 14.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{12D745BA-7DEE-45C4-B2EA-E8CABE4361DE}) (Version: 7.10.3211 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Frame (HKLM-x32\...\{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1) (Version: 5.0.0.11_V3 - Northstar Systems Corp.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plus Pack for Acronis True Image Home 2012 (HKLM-x32\...\{A8EFC6C1-DF0C-4F51-8779-EAC4CDB440A4}) (Version: 15.0.6131 - Acronis)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
THX TruStudio Pro (HKLM-x32\...\{F1F5C7EE-23BB-47A3-943E-9F290DD267F0}) (Version: 1.0 - Creative Technology Limited)
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
WePrint (HKLM-x32\...\WePrint) (Version:  - EuroSmartz Ltd)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.3.57 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-09-06 18:26 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DAEAFC6-7AE5-436C-95C8-614F06418548} - System32\Tasks\{A96C26F9-FA7C-4DA9-AC74-1DE34AABC541} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {259F307A-9E41-45B4-B505-CDCF845AA24F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {38165727-307D-4E01-88E9-16E0B9D24F3F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {45592281-3ECE-4044-B9B8-D00F32EE31E5} - System32\Tasks\{6802422A-D330-4965-B2DF-B81DF01F6F2C} => pcalua.exe -a C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe -d C:\Users\Melanie\Desktop
Task: {470F7D76-8DD7-4D4A-BD69-626B9FA54B89} - System32\Tasks\Gateway Registration - Data Sending task => C:\Program Files (x86)\Gateway\Registration\GREG.exe [2010-04-27] (Acer Incorporated)
Task: {4ABA2AD7-C6CA-4AA1-9023-38A13C80AB89} - System32\Tasks\{9EBBC4FE-CB37-4B29-8322-0CC97CFA2D66} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {4B7ABC45-5013-4789-94A0-B454890C26F6} - System32\Tasks\{665F1DD8-A93D-4EC9-91DB-4B7562CCEA67} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {5CB4E142-41F5-436C-8F54-A0648AF85B66} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)
Task: {5FBB5F16-B043-49E5-9C5C-A0F8AD9A3200} - System32\Tasks\{A01C3BF5-AE3C-4BBD-A21A-70E3EA9A6502} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {603AF43A-F8BF-4EF9-86B5-448461A55448} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-02-21] (CyberLink)
Task: {74BEEA11-49C9-41BF-ADCB-A8DDAE574AA5} - System32\Tasks\{D131ED58-1545-40C4-8EAE-6E2459C4593C} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {74D3C30A-67E4-4E18-A9FE-8A52542A38AA} - System32\Tasks\{73B69B9B-E810-4898-A503-6B9654E7D9FB} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {79F815CF-F48C-4AA5-8669-B62206150B61} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {7CB72DC4-9D0A-412C-9558-06747CBAE92B} - System32\Tasks\{7866F56C-AEE3-4639-8068-0B6716B522BF} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {9526B92E-5584-4056-9479-DDFEF0719036} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {98C4E0BB-FADB-4673-B04F-629089326B9B} - System32\Tasks\{C67B5A73-168A-4F1E-B4F2-382AFB261D54} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {99D2AC01-D4A9-4BDD-862D-4CBB12EBA164} - System32\Tasks\{38A47DAF-555B-4C14-BADB-A8AFFA3D7B2D} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {A7F0162D-9B24-4702-8D6E-4043A8D021E1} - System32\Tasks\{A2583807-F0A2-44E3-8587-7D22C961E7AE} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {AAC65EAA-0A60-4E35-A946-07B1AC96FA0C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B46263FE-0BBE-445D-8DA6-8F646ACE838E} - System32\Tasks\{BCD7E449-BAF3-4527-866A-9C026D4664B4} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {C24B54AF-D904-4553-8D24-255EBD37DC7C} - System32\Tasks\avastBCLS-1-5-21-2752660347-3678198734-3739959177-1000 => C:\Users\Melanie\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2015-07-27] (AVAST Software)
Task: {C762227A-F3F2-4E6C-A23A-10F69A5BF001} - System32\Tasks\{89488E37-75D5-4676-BA13-ACF63516450F} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {CA57C5EB-F1B5-4D83-8415-8C9F512F6839} - System32\Tasks\{93C0BFCC-DED6-4CD9-9E37-307877D38015} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {DBC36666-2916-4302-88DF-0094E939E214} - System32\Tasks\{4BA7813D-46C3-4513-BCAD-9875406A4173} => pcalua.exe -a C:\Users\Melanie\Documents\Software\TrueImage11.8101_s_en.exe -d C:\Users\Melanie\Documents\Software
Task: {DF09C606-74DB-4039-8C7F-286E12A3E728} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {E1B7E453-33F1-4532-8606-250D196382D1} - System32\Tasks\{1F86BE33-EFBC-4784-8177-C5B6C529F251} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {E2624D21-1827-443E-B6CD-0FCABFB05D1B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {E3928A77-0B15-49EC-8665-318091403CE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {ED476624-FFC7-4F22-AA0B-0EF7D8F74F59} - System32\Tasks\{0CB4D334-A5D7-485F-9E04-FD2E4EF9EAB1} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {EF7B6439-A09C-4937-9778-43A7A09EB0B7} - System32\Tasks\avast! BCU UpdateS-1-5-21-2752660347-3678198734-3739959177-1000 => C:\Users\Melanie\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {F69648D1-A5CD-4F2D-913B-0D8B5FFC8141} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAD9D1AB-782B-42F3-B41F-0F1C3060753D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Gateway Registration - Data Sending task.job => C:\Program Files (x86)\Gateway\Registration\GREG.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core.job => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA.job => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-05 17:57 - 2012-06-20 16:15 - 00032768 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dltfm1zPP.dll
2013-11-05 17:56 - 2013-02-01 17:07 - 12875264 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlthm1zRC.DLL
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-06 18:40 - 2013-02-06 18:40 - 00244712 _____ () C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
2011-12-21 17:02 - 2005-12-07 10:44 - 00045056 _____ () C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
2013-11-05 17:56 - 2012-08-16 20:28 - 00049664 _____ () C:\Windows\system32\dltsm1zwia.dll
2009-12-13 22:19 - 2009-12-09 05:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2011-01-18 21:08 - 2011-01-18 21:08 - 00620136 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2011-04-06 02:16 - 2011-04-06 02:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 18:21 - 2011-03-14 18:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-19 19:59 - 2015-01-08 18:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-09-10 08:06 - 2015-09-10 08:06 - 01660416 _____ () C:\Users\Melanie\Downloads\AdwCleaner.exe
2011-02-14 18:18 - 2011-02-14 18:18 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-02-14 18:17 - 2011-02-14 18:17 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-02-14 18:17 - 2011-02-14 18:17 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2012-06-28 17:58 - 2012-06-28 17:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2011-01-18 21:08 - 2011-01-18 21:08 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2015-06-05 07:19 - 2015-06-05 07:19 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-04-15 05:15 - 2010-11-06 02:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Audrey\Downloads\1.7.10-zeldaswordskills-2.2.8b.jar:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\1.7.10-zeldaswordskills-2.2.8b.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\1.8-zeldaswordskills-3.0.3b.jar:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\1.8-zeldaswordskills-3.0.3b.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\AnimalBikes_1.7.10.jar:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\AnimalBikes_1.7.10.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.10-10.13.2.1291-installer-win(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.10-10.13.2.1291-installer-win(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.10-10.13.2.1291-installer-win.exe:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.10-10.13.2.1291-installer-win.exe:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.2-10.12.2.1121-installer-win.exe:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.2-10.12.2.1121-installer-win.exe:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.8-11.14.1.1334-installer-win.exe:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.8-11.14.1.1334-installer-win.exe:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\Hamsterrific-0.2.0.jar.zip:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\MinecraftInstaller.msi:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\MinecraftInstaller.msi:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\RadixCore-1.7.10-1.3.4-universal.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\SpiderQueenReborn-1.7.10-1.2.2-universal.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\stillhungry-1.7.2-2.1.1.jar:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\stillhungry-1.7.2-2.1.1.jar:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\ClarityTools - Personal Success.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\Do this circuit 3 days a week.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\META-ourprocess-graphic.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\Receipts_Kirk Beebe.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_229426168.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_229426168.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_267230051.eps:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_267230051.eps:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_267230051.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_267230051.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Downloads\00b4952b14d975a0d9000000.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Downloads\High-Level Platform Work Schedule 2015-05-07.xlsx:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Downloads\High-Level Platform Work Schedule 2015-05-07.xlsx:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Downloads\TrueMass Complex Lipid Platform Overview 7-15-15.pptx:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Downloads\TrueMass Complex Lipid Platform Overview 7-15-15.pptx:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\Adrenal+Fatigue+Free+eBook.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\bathroom.jpeg:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\bathroom2.jpeg:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\BCBS claim form.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\Beebe_Audrey_Assessment_Chart_2015-07-27 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\Bunco Roster June 2 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\The_Thyroid_Cookbook_2.0.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\Toxic-Free-Home-Guide.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\2015 Benefit Digest - Metabolon - FINAL DPs.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\2015-2016 G-1 Permission Form.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\AdwCleaner (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Downloads\AdwCleaner (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Downloads\AdwCleaner.exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\avast-browser-cleanup-sfx.exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Downloads\avast-browser-cleanup-sfx.exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\FSA Direct Deposit Enrollment Form (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\FSA Direct Deposit Enrollment Form.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\FSA Enrollment Form (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\FSA Enrollment Form.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\GS behavior contract.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\Junior Handbook 3314 - 20152016.docx:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\s-pm-regional-rate-boxes.csv:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\SpyHunter-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Downloads\SpyHunter-Installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\TP105parent-guardianpermissionfortroopoutingsfillinapproved0814.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\Troop 3314 Calendar for 2015-2016.docx:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\Young Living Premium Kit Oils_Uses.docx:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Documents\Am J Clin Nutr-2006-Wolfe-475-82.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Documents\Do this circuit 3 days a week.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Documents\Firefox Setup Stub 25.0.exe:$CmdTcID
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\1001movie.com -> 1001movie.com
 
There are 6092 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1F0783A3-2158-416B-BDD9-643F721B1626}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{800EDAF1-1082-457F-B4AD-2C91A1C025C9}] => (Allow) LPort=2869
FirewallRules: [{8DF7810F-1273-454F-BA15-E0622C2FFFCA}] => (Allow) LPort=1900
FirewallRules: [{76535DFE-F880-4C09-8DE0-BEDE13443C24}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FC26635E-DF07-4E08-991F-55E57328B383}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{AED41BAC-345B-4A4A-8E97-BDEECD9A1559}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{DD6AF616-0BD5-4A3B-839D-D3500F2FD602}C:\program files (x86)\weprint\weprint server.exe] => (Allow) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [UDP Query User{A3DF5232-A3BC-47DC-9B13-5253602177CC}C:\program files (x86)\weprint\weprint server.exe] => (Allow) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [{9AB00F6B-F207-4200-9EA9-C9DF117096BB}] => (Block) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [{C6459021-BB41-4DAD-94B9-997F28552215}] => (Block) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [{EC28F18A-22C3-45EB-A37B-87B66A3F0835}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6995019A-7B57-4EEE-ACA1-89BE9DFB3087}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2B8D8B0-87F9-4A69-B251-6C609284FA01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FFD8DE65-E54B-4BE2-988A-486175426DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A06BA78B-D0FD-4DBB-AD68-CE54F65CA034}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{B48E4710-8782-46DB-8FE5-FE0F3FAC0668}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{F97A33B5-2A84-4550-AEA8-AAC29240FCFA}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{F09F7FB6-DA9B-4A06-92B1-999960AF8474}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{23C03C47-A038-4060-873E-BAE0DA75F37E}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{8907AFE2-56EF-430D-8974-D82558CBCFEA}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{DE55FE4F-908D-4414-8CC1-DF04D87EF443}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB0E3A18-921D-4A56-89BE-D29F30087452}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A8E8307-316F-4675-9558-C5BC8623F6D1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{43BB320B-EDEB-4362-8A62-62B00A64114E}] => (Allow) C:\Users\Melanie\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
System error 123 has occurred.
 
The filename, directory name, or volume label syntax is incorrect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8172.3 MB
Available physical RAM: 5738.11 MB
Total Virtual: 16342.8 MB
Available Virtual: 12827.66 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:1381.04 GB) (Free:661.99 GB) NTFS
Drive e: () (Removable) (Total:0.48 GB) (Free:0.39 GB) FAT
Drive l: (Backup2) (Fixed) (Total:298.09 GB) (Free:45.28 GB) NTFS
Drive m: (Backup) (Fixed) (Total:372.61 GB) (Free:54.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 92815A8C)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 493.5 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=494 MB) - (Type=04)
 
========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: C2B4120B)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 9 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 11A2F9FE)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 

 

 




 


#2 melbb


Posted 10 September 2015 - 12:18 PM

Yesterday I was updating my spyware/malware scanning programs and Malwarebytes offered me a 30-day trial of their paid version, which I accepted. So today I am getting bombarded by popups from Malwarebytes about ad.afy11.net and sbx1.afy11.net. Here are my logs. Thanks for your help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015
Ran by Melanie (administrator) on BEEBE-PC (10-09-2015 12:44:40)
Running from C:\Users\Melanie\Desktop
Loaded Profiles: Melanie (Available Profiles: Melanie & Kirk & Audrey)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Melanie\AppData\Local\Google\Chrome\Application\chrome..exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(North Star com.) C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
(EuroSmartz Ltd) C:\Program Files (x86)\WePrint\WePrint Server.exe
(Google Inc.) C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\PDFViewer\PdfPro7Hook.exe
(Dell Inc.) C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Users\Melanie\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [289600 2011-02-14] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1370624 2010-08-06] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-07-04] (Apple Inc.)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Dell Printers\PaperPort\pptd40nt.exe [38848 2011-11-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Dell Printers\PaperPort\IndexSearch.exe [51136 2011-11-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Dell Printers\PDFViewer\pdfpro7hook.exe [607632 2012-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [LauncherC1765nf] => C:\Program Files (x86)\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-02-06] (Dell Inc.)
HKLM-x32\...\Run: [StatusAutoRunC1765nf] => C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3850216 2013-02-06] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-27] (Oracle Corporation)
HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\Run: [Google Update] => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-12-21]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Frame.lnk [2011-04-15]
ShortcutTarget: Photo Frame.lnk -> C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe (North Star com.)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk [2011-12-21]
ShortcutTarget: WePrint Server.lnk -> C:\Program Files (x86)\WePrint\WePrint Server.exe (EuroSmartz Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2752660347-3678198734-3739959177-1002\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{5DC984CC-C48F-4665-80BE-72F1EAAF915D}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7FA5CE72-E3D2-4BBF-80D2-29218E6A8715}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=MAGW
HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com/?pc=MAGW
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Dell Printers\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)

FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\on536ews.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-11-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Dell Printers\PDFViewer\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2752660347-3678198734-3739959177-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2752660347-3678198734-3739959177-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Extension: Flashblock - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\on536ews.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-07-19]

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Google Sheets) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
StartMenuInternet: Google Chrome - C:\Users\Melanie\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5531008 2015-08-19] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-07-04] (Apple Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-09] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-11-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-11-18] (Creative Labs) [File not signed]
R2 DLNBDB; C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [244712 2013-02-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 NMSAccess; C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe [45056 2005-12-07] () [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-02-14] (NTI Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe [219536 2012-06-21] (Nuance Communications, Inc.)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-08-04] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-08-04] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-04] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [138504 2015-08-06] (Emsisoft GmbH)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-04] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 12:44 - 2015-09-10 12:44 - 00021062 _____ C:\Users\Melanie\Desktop\FRST.txt
2015-09-10 12:44 - 2015-09-10 12:44 - 00000000 ____D C:\FRST
2015-09-10 12:06 - 2015-09-10 12:06 - 01660416 _____ C:\Users\Melanie\Downloads\AdwCleaner (1).exe
2015-09-10 11:40 - 2015-09-10 11:40 - 02190848 _____ (Farbar) C:\Users\Melanie\Desktop\FRST64.exe
2015-09-10 11:26 - 2015-09-10 11:26 - 00004244 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-2752660347-3678198734-3739959177-1000
2015-09-10 11:26 - 2015-09-10 11:26 - 00003306 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-2752660347-3678198734-3739959177-1000
2015-09-10 11:26 - 2015-09-10 11:26 - 00001113 _____ C:\Users\Melanie\Desktop\Avast Browser Cleanup.lnk
2015-09-10 11:26 - 2015-09-10 11:26 - 00000000 ____D C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2015-09-10 11:26 - 2015-09-10 11:26 - 00000000 ____D C:\Users\Melanie\AppData\Roaming\AVAST Software
2015-09-10 09:07 - 2015-09-10 12:07 - 00000000 ____D C:\AdwCleaner
2015-09-10 08:06 - 2015-09-10 08:06 - 03824464 _____ (AVAST Software) C:\Users\Melanie\Downloads\avast-browser-cleanup-sfx.exe
2015-09-10 08:06 - 2015-09-10 08:06 - 01660416 _____ C:\Users\Melanie\Downloads\AdwCleaner.exe
2015-09-10 07:57 - 2015-09-10 07:57 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Melanie\Downloads\SpyHunter-Installer.exe
2015-09-09 02:30 - 2015-09-09 02:30 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 02:30 - 2015-09-09 02:30 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 02:30 - 2015-09-09 02:30 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 02:30 - 2015-09-09 02:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 02:29 - 2015-09-09 02:29 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 02:29 - 2015-09-09 02:29 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 02:29 - 2015-09-09 02:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 02:29 - 2015-09-09 02:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 02:29 - 2015-08-15 02:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 02:29 - 2015-08-15 02:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 02:29 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 02:29 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 02:28 - 2015-09-09 02:28 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 02:28 - 2015-09-09 02:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-09 02:28 - 2015-09-09 02:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 02:28 - 2015-09-09 02:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-09 02:27 - 2015-09-09 02:27 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 02:27 - 2015-09-09 02:27 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 02:27 - 2015-09-09 02:27 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 02:27 - 2015-09-09 02:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 02:26 - 2015-09-09 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 02:25 - 2015-09-09 02:25 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 02:25 - 2015-09-09 02:25 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 02:25 - 2015-09-09 02:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 02:25 - 2015-09-09 02:25 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 02:25 - 2015-09-09 02:25 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 02:24 - 2015-09-09 02:24 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 02:24 - 2015-09-09 02:24 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 02:24 - 2015-09-09 02:24 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 02:24 - 2015-09-09 02:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 02:24 - 2015-09-09 02:24 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 02:24 - 2015-09-09 02:24 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-07 12:22 - 2015-09-07 12:23 - 00078704 _____ C:\Users\Audrey\Downloads\Hamsterrific-0.2.0.jar.zip
2015-09-07 12:11 - 2015-09-07 12:11 - 07068869 _____ C:\Users\Audrey\Downloads\1.7.10-zeldaswordskills-2.2.8b.jar
2015-09-07 12:07 - 2015-09-07 12:07 - 07312645 _____ C:\Users\Audrey\Downloads\1.8-zeldaswordskills-3.0.3b.jar
2015-09-07 12:05 - 2015-09-07 12:07 - 00000000 ____D C:\Users\Audrey\Desktop\1.8mods
2015-09-07 12:04 - 2015-09-07 09:49 - 00413842 _____ C:\Users\Audrey\Downloads\SpiderQueenReborn-1.7.10-1.2.2-universal.jar
2015-09-07 11:56 - 2015-09-07 11:56 - 00237809 _____ C:\Users\Audrey\Downloads\stillhungry-1.7.2-2.1.1.jar
2015-09-07 09:56 - 2015-09-07 09:56 - 00093547 _____ C:\Users\Audrey\Downloads\RadixCore-1.7.10-1.3.4-universal.jar
2015-09-07 09:49 - 2015-09-07 12:24 - 00000000 ____D C:\Users\Audrey\Desktop\1.7.10 mods
2015-09-06 18:26 - 2015-09-06 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-06 18:26 - 2015-09-06 18:26 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-08-28 11:43 - 2015-08-28 11:43 - 00000000 ____D C:\Users\Kirk\AppData\Roaming\Sun
2015-08-28 11:43 - 2015-08-28 11:43 - 00000000 ____D C:\Users\Kirk\.oracle_jre_usage
2015-08-28 11:43 - 2015-08-28 11:43 - 00000000 ____D C:\Users\Audrey\AppData\Roaming\Sun
2015-08-28 11:43 - 2015-08-28 11:43 - 00000000 ____D C:\Users\Audrey\.oracle_jre_usage
2015-08-27 12:05 - 2015-08-27 12:05 - 00000000 ____D C:\Users\Melanie\AppData\Roaming\Sun
2015-08-27 12:05 - 2015-08-27 12:05 - 00000000 ____D C:\Users\Melanie\.oracle_jre_usage
2015-08-22 15:09 - 2015-09-03 11:43 - 00000000 ____D C:\Users\Kirk\AppData\Local\CrashDumps
2015-08-22 14:46 - 2015-08-22 14:46 - 03807291 _____ C:\Users\Kirk\Downloads\TrueMass Complex Lipid Platform Overview 7-15-15.pptx
2015-08-22 11:06 - 2015-08-22 11:06 - 00272229 _____ C:\Users\Kirk\Desktop\shutterstock_267230051.eps
2015-08-19 20:45 - 2015-08-19 20:45 - 00000358 _____ C:\Users\Melanie\Downloads\s-pm-regional-rate-boxes.csv
2015-08-19 19:54 - 2015-09-05 21:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-15 10:31 - 2015-08-15 10:31 - 00001760 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-15 10:31 - 2015-08-15 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-15 10:31 - 2015-08-15 10:31 - 00000000 ____D C:\Program Files\iTunes
2015-08-15 10:31 - 2015-08-15 10:31 - 00000000 ____D C:\Program Files\iPod
2015-08-15 10:31 - 2015-08-15 10:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-13 03:28 - 2015-08-13 03:28 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:28 - 2015-08-13 03:28 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 07:11 - 2015-08-12 07:11 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 07:10 - 2015-08-12 07:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 07:10 - 2015-08-12 07:10 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 07:10 - 2015-08-12 07:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 07:08 - 2015-08-12 07:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 07:06 - 2015-08-12 07:06 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 07:06 - 2015-08-12 07:06 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 07:06 - 2015-08-12 07:06 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 07:06 - 2015-08-12 07:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 07:06 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 12:44 - 2011-12-21 19:01 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2015-09-10 12:38 - 2015-01-25 18:43 - 00021918 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-09-10 12:30 - 2011-12-21 16:38 - 00000402 _____ C:\Windows\Tasks\Gateway Registration - Data Sending task.job
2015-09-10 12:07 - 2015-01-25 15:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-10 12:03 - 2011-12-21 17:58 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-09-10 11:55 - 2011-12-22 09:43 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA.job
2015-09-10 11:54 - 2015-01-25 14:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-10 11:46 - 2009-07-14 01:13 - 00899964 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 11:34 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-10 11:34 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-10 11:28 - 2011-11-18 05:56 - 01489436 _____ C:\Windows\WindowsUpdate.log
2015-09-10 11:25 - 2013-11-04 00:35 - 00000000 ____D C:\Users\Melanie\Documents\WePrint
2015-09-10 11:24 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-10 11:24 - 2009-07-14 00:51 - 00059248 _____ C:\Windows\setupact.log
2015-09-10 07:57 - 2011-04-15 05:37 - 00000000 ____D C:\ProgramData\Temp
2015-09-10 07:45 - 2011-12-21 17:58 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-09-09 19:55 - 2011-12-22 09:43 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core.job
2015-09-09 10:01 - 2015-07-16 18:54 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-09 10:01 - 2015-01-25 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-09 10:01 - 2015-01-25 14:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-09 10:01 - 2013-11-04 00:07 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-09 04:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 03:43 - 2009-07-14 00:45 - 00304808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 03:40 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 03:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 03:23 - 2013-11-04 00:54 - 00000000 ____D C:\Windows\system32\MRT
2015-09-09 03:08 - 2011-12-21 18:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-08 18:09 - 2015-03-31 17:40 - 00000000 ____D C:\Users\Audrey\AppData\Local\CrashDumps
2015-09-07 12:43 - 2015-05-16 11:56 - 00000000 ____D C:\Users\Audrey\AppData\Roaming\.minecraft
2015-09-06 18:26 - 2015-03-30 07:20 - 00001941 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-05 21:56 - 2011-12-22 09:44 - 00002409 _____ C:\Users\Melanie\Desktop\Google Chrome.lnk
2015-09-05 21:46 - 2013-11-03 23:57 - 00000000 ___RD C:\Users\Melanie\Desktop\New Photo Uploads
2015-09-05 21:38 - 2011-12-22 09:12 - 00000000 ____D C:\Users\Melanie\AppData\Local\CrashDumps
2015-09-05 21:37 - 2015-05-16 11:43 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-09-05 21:35 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-05 21:32 - 2015-01-26 12:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-05 21:32 - 2010-11-20 23:47 - 00464040 _____ C:\Windows\PFRO.log
2015-09-05 21:28 - 2015-02-02 12:31 - 00014975 _____ C:\Users\Melanie\Desktop\Melanie Labs.xlsx
2015-09-03 07:52 - 2011-12-19 19:58 - 00579408 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-09-03 07:52 - 2011-12-19 19:58 - 00445472 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-09-01 22:52 - 2013-11-04 00:11 - 00000000 ____D C:\Users\Melanie\Documents\Ebay
2015-08-30 08:27 - 2015-08-04 18:05 - 00000000 ____D C:\Users\Melanie\Documents\thyroid stuff
2015-08-28 11:43 - 2013-11-03 23:41 - 00000000 ____D C:\Users\Audrey
2015-08-28 11:43 - 2011-12-22 08:51 - 00000000 ____D C:\Users\Kirk
2015-08-27 20:20 - 2015-05-16 13:25 - 00000000 ____D C:\ProgramData\Oracle
2015-08-27 19:50 - 2011-12-22 09:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA
2015-08-27 19:50 - 2011-12-22 09:43 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core
2015-08-27 12:08 - 2015-05-16 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-27 12:08 - 2015-05-16 13:25 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 12:05 - 2011-12-21 16:35 - 00000000 ____D C:\Users\Melanie
2015-08-27 12:03 - 2015-05-16 13:26 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-26 18:37 - 2013-11-04 00:54 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 20:25 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-22 12:12 - 2015-05-30 13:31 - 00000000 ____D C:\Users\Kirk\AppData\Local\Windows Live
2015-08-21 18:04 - 2013-11-04 00:35 - 00000000 ____D C:\Users\Melanie\Documents\RECIPES
2015-08-15 10:31 - 2011-12-22 10:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-13 03:48 - 2013-11-04 01:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:48 - 2013-11-04 01:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:46 - 2015-06-05 07:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 03:46 - 2015-06-05 07:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 03:28 - 2013-11-04 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 08:07 - 2015-01-25 15:07 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 08:07 - 2015-01-25 15:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 08:07 - 2015-01-25 15:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\Users\Melanie\dummy1.dat


Some files in TEMP:
====================
C:\Users\Audrey\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Kirk\AppData\Local\Temp\cct.dll
C:\Users\Kirk\AppData\Local\Temp\JavaIC.dll
C:\Users\Kirk\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Kirk\AppData\Local\Temp\msscct32.dll
C:\Users\Kirk\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Melanie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Melanie\AppData\Local\Temp\ose00000.exe
C:\Users\Melanie\AppData\Local\Temp\sqlite3.dll
C:\Users\Melanie\AppData\Local\Temp\{970182BD-F80F-45E0-9849-7A85D2E3B1E5}vsscomproxy.dll
C:\Users\Melanie\AppData\Local\Temp\{CA2773D3-F04A-41E5-99A4-673688611876}vsscomproxy64.dll
C:\Users\Melanie\AppData\Local\Temp\{D642A643-8BAE-46CC-9791-2B9E0030D439}vsscom.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-05 22:42

==================== End of FRST.txt ============================

 



#3 melbb

Posted 10 September 2015 - 12:20 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015
Ran by Melanie (2015-09-10 12:45:09)
Running from C:\Users\Melanie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-21 20:35:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2752660347-3678198734-3739959177-500 - Administrator - Disabled)
Audrey (S-1-5-21-2752660347-3678198734-3739959177-1002 - Administrator - Enabled) => C:\Users\Audrey
Guest (S-1-5-21-2752660347-3678198734-3739959177-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2752660347-3678198734-3739959177-1004 - Limited - Enabled)
Kirk (S-1-5-21-2752660347-3678198734-3739959177-1001 - Administrator - Enabled) => C:\Users\Kirk
Melanie (S-1-5-21-2752660347-3678198734-3739959177-1000 - Administrator - Enabled) => C:\Users\Melanie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis True Image Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10405 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{112F562D-96D7-13A7-762F-AFDB7A7B4F5E}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Avast Browser Cleanup (HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.2.83 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cheetah DVD Burner (HKLM-x32\...\{563E2BC8-A0CA-4A81-9DD2-897BB326C679}) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 15.0 - COMODO)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.9.23255.2196 - COMODO Security Solutions Inc.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1421_35790 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell C1765 Color MFP (HKLM-x32\...\InstallShield_{6ADD1CA2-0A4C-47DF-B9E3-B0363FB7515B}) (Version: 1.021.0 - Dell Inc.)
Dell C1765 Color MFP (x32 Version: 1.021.0 - Dell Inc.) Hidden
Dell Printer Driver Updater (x32 Version: 1.006.00 - Dell) Hidden
Dell Printer Driver Updater (x32 Version: 1.018.00 - Dell) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.0 - Emsi Software GmbH)
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.2.83 - NTI Corporation)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Google Chrome (HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nuance PaperPort 14 (HKLM-x32\...\{848ABE9C-B7AA-4064-809F-7F38616918FF}) (Version: 14.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{12D745BA-7DEE-45C4-B2EA-E8CABE4361DE}) (Version: 7.10.3211 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Frame (HKLM-x32\...\{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1) (Version: 5.0.0.11_V3 - Northstar Systems Corp.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plus Pack for Acronis True Image Home 2012 (HKLM-x32\...\{A8EFC6C1-DF0C-4F51-8779-EAC4CDB440A4}) (Version: 15.0.6131 - Acronis)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
THX TruStudio Pro (HKLM-x32\...\{F1F5C7EE-23BB-47A3-943E-9F290DD267F0}) (Version: 1.0 - Creative Technology Limited)
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
WePrint (HKLM-x32\...\WePrint) (Version:  - EuroSmartz Ltd)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.3.57 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2752660347-3678198734-3739959177-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

10-09-2015 00:00:05 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-09-06 18:26 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1    mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DAEAFC6-7AE5-436C-95C8-614F06418548} - System32\Tasks\{A96C26F9-FA7C-4DA9-AC74-1DE34AABC541} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {259F307A-9E41-45B4-B505-CDCF845AA24F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {38165727-307D-4E01-88E9-16E0B9D24F3F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {45592281-3ECE-4044-B9B8-D00F32EE31E5} - System32\Tasks\{6802422A-D330-4965-B2DF-B81DF01F6F2C} => pcalua.exe -a C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe -d C:\Users\Melanie\Desktop
Task: {470F7D76-8DD7-4D4A-BD69-626B9FA54B89} - System32\Tasks\Gateway Registration - Data Sending task => C:\Program Files (x86)\Gateway\Registration\GREG.exe [2010-04-27] (Acer Incorporated)
Task: {4ABA2AD7-C6CA-4AA1-9023-38A13C80AB89} - System32\Tasks\{9EBBC4FE-CB37-4B29-8322-0CC97CFA2D66} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {4B7ABC45-5013-4789-94A0-B454890C26F6} - System32\Tasks\{665F1DD8-A93D-4EC9-91DB-4B7562CCEA67} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {5CB4E142-41F5-436C-8F54-A0648AF85B66} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)
Task: {5FBB5F16-B043-49E5-9C5C-A0F8AD9A3200} - System32\Tasks\{A01C3BF5-AE3C-4BBD-A21A-70E3EA9A6502} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {603AF43A-F8BF-4EF9-86B5-448461A55448} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-02-21] (CyberLink)
Task: {74BEEA11-49C9-41BF-ADCB-A8DDAE574AA5} - System32\Tasks\{D131ED58-1545-40C4-8EAE-6E2459C4593C} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {74D3C30A-67E4-4E18-A9FE-8A52542A38AA} - System32\Tasks\{73B69B9B-E810-4898-A503-6B9654E7D9FB} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {79F815CF-F48C-4AA5-8669-B62206150B61} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {7CB72DC4-9D0A-412C-9558-06747CBAE92B} - System32\Tasks\{7866F56C-AEE3-4639-8068-0B6716B522BF} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {9526B92E-5584-4056-9479-DDFEF0719036} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {98C4E0BB-FADB-4673-B04F-629089326B9B} - System32\Tasks\{C67B5A73-168A-4F1E-B4F2-382AFB261D54} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {99D2AC01-D4A9-4BDD-862D-4CBB12EBA164} - System32\Tasks\{38A47DAF-555B-4C14-BADB-A8AFFA3D7B2D} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {A7F0162D-9B24-4702-8D6E-4043A8D021E1} - System32\Tasks\{A2583807-F0A2-44E3-8587-7D22C961E7AE} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {AAC65EAA-0A60-4E35-A946-07B1AC96FA0C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B46263FE-0BBE-445D-8DA6-8F646ACE838E} - System32\Tasks\{BCD7E449-BAF3-4527-866A-9C026D4664B4} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {C24B54AF-D904-4553-8D24-255EBD37DC7C} - System32\Tasks\avastBCLS-1-5-21-2752660347-3678198734-3739959177-1000 => C:\Users\Melanie\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2015-07-27] (AVAST Software)
Task: {C762227A-F3F2-4E6C-A23A-10F69A5BF001} - System32\Tasks\{89488E37-75D5-4676-BA13-ACF63516450F} => C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe
Task: {CA57C5EB-F1B5-4D83-8415-8C9F512F6839} - System32\Tasks\{93C0BFCC-DED6-4CD9-9E37-307877D38015} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {DBC36666-2916-4302-88DF-0094E939E214} - System32\Tasks\{4BA7813D-46C3-4513-BCAD-9875406A4173} => pcalua.exe -a C:\Users\Melanie\Documents\Software\TrueImage11.8101_s_en.exe -d C:\Users\Melanie\Documents\Software
Task: {DF09C606-74DB-4039-8C7F-286E12A3E728} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {E1B7E453-33F1-4532-8606-250D196382D1} - System32\Tasks\{1F86BE33-EFBC-4784-8177-C5B6C529F251} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {E2624D21-1827-443E-B6CD-0FCABFB05D1B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {E3928A77-0B15-49EC-8665-318091403CE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {ED476624-FFC7-4F22-AA0B-0EF7D8F74F59} - System32\Tasks\{0CB4D334-A5D7-485F-9E04-FD2E4EF9EAB1} => C:\Program Files (x86)\Adobe\Photoshop Elements 2\PhotoshopElements.exe [2011-12-21] (Adobe Systems, Incorporated)
Task: {EF7B6439-A09C-4937-9778-43A7A09EB0B7} - System32\Tasks\avast! BCU UpdateS-1-5-21-2752660347-3678198734-3739959177-1000 => C:\Users\Melanie\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software)
Task: {F69648D1-A5CD-4F2D-913B-0D8B5FFC8141} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAD9D1AB-782B-42F3-B41F-0F1C3060753D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Gateway Registration - Data Sending task.job => C:\Program Files (x86)\Gateway\Registration\GREG.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core.job => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA.job => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-11-05 17:57 - 2012-06-20 16:15 - 00032768 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dltfm1zPP.dll
2013-11-05 17:56 - 2013-02-01 17:07 - 12875264 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlthm1zRC.DLL
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-06 18:40 - 2013-02-06 18:40 - 00244712 _____ () C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
2011-12-21 17:02 - 2005-12-07 10:44 - 00045056 _____ () C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
2013-11-05 17:56 - 2012-08-16 20:28 - 00049664 _____ () C:\Windows\system32\dltsm1zwia.dll
2009-12-13 22:19 - 2009-12-09 05:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2011-01-18 21:08 - 2011-01-18 21:08 - 00620136 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2011-04-06 02:16 - 2011-04-06 02:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 18:21 - 2011-03-14 18:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-12-19 19:59 - 2015-01-08 18:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2011-02-14 18:18 - 2011-02-14 18:18 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-02-14 18:17 - 2011-02-14 18:17 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-02-14 18:17 - 2011-02-14 18:17 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2012-06-28 17:58 - 2012-06-28 17:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2011-01-18 21:08 - 2011-01-18 21:08 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2015-06-05 07:19 - 2015-06-05 07:19 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-04-15 05:15 - 2010-11-06 02:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-28 18:34 - 2012-06-28 18:34 - 00018816 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Audrey\Downloads\1.7.10-zeldaswordskills-2.2.8b.jar:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\1.7.10-zeldaswordskills-2.2.8b.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\1.8-zeldaswordskills-3.0.3b.jar:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\1.8-zeldaswordskills-3.0.3b.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\AnimalBikes_1.7.10.jar:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\AnimalBikes_1.7.10.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.10-10.13.2.1291-installer-win(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.10-10.13.2.1291-installer-win(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.10-10.13.2.1291-installer-win.exe:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.10-10.13.2.1291-installer-win.exe:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.2-10.12.2.1121-installer-win.exe:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.7.2-10.12.2.1121-installer-win.exe:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.8-11.14.1.1334-installer-win.exe:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\forge-1.8-11.14.1.1334-installer-win.exe:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\Hamsterrific-0.2.0.jar.zip:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\MinecraftInstaller.msi:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\MinecraftInstaller.msi:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\RadixCore-1.7.10-1.3.4-universal.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\SpiderQueenReborn-1.7.10-1.2.2-universal.jar:$CmdZnID
AlternateDataStreams: C:\Users\Audrey\Downloads\stillhungry-1.7.2-2.1.1.jar:$CmdTcID
AlternateDataStreams: C:\Users\Audrey\Downloads\stillhungry-1.7.2-2.1.1.jar:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\ClarityTools - Personal Success.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\Do this circuit 3 days a week.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\META-ourprocess-graphic.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\Receipts_Kirk Beebe.pdf:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_229426168.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_229426168.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_267230051.eps:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_267230051.eps:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_267230051.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Desktop\shutterstock_267230051.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Downloads\00b4952b14d975a0d9000000.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Downloads\High-Level Platform Work Schedule 2015-05-07.xlsx:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Downloads\High-Level Platform Work Schedule 2015-05-07.xlsx:$CmdZnID
AlternateDataStreams: C:\Users\Kirk\Downloads\TrueMass Complex Lipid Platform Overview 7-15-15.pptx:$CmdTcID
AlternateDataStreams: C:\Users\Kirk\Downloads\TrueMass Complex Lipid Platform Overview 7-15-15.pptx:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\Adrenal+Fatigue+Free+eBook.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\bathroom.jpeg:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\bathroom2.jpeg:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\BCBS claim form.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\Beebe_Audrey_Assessment_Chart_2015-07-27 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\Bunco Roster June 2 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\The_Thyroid_Cookbook_2.0.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Desktop\Toxic-Free-Home-Guide.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\2015 Benefit Digest - Metabolon - FINAL DPs.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\2015-2016 G-1 Permission Form.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\AdwCleaner (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Downloads\AdwCleaner (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Downloads\AdwCleaner.exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\avast-browser-cleanup-sfx.exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Downloads\avast-browser-cleanup-sfx.exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\FSA Direct Deposit Enrollment Form (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\FSA Direct Deposit Enrollment Form.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\FSA Enrollment Form (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\FSA Enrollment Form.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\GS behavior contract.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\Junior Handbook 3314 - 20152016.docx:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\s-pm-regional-rate-boxes.csv:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\SpyHunter-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\Melanie\Downloads\SpyHunter-Installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\TP105parent-guardianpermissionfortroopoutingsfillinapproved0814.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\Troop 3314 Calendar for 2015-2016.docx:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Downloads\Young Living Premium Kit Oils_Uses.docx:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Documents\Am J Clin Nutr-2006-Wolfe-475-82.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Documents\Do this circuit 3 days a week.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Melanie\Documents\Firefox Setup Stub 25.0.exe:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6092 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2752660347-3678198734-3739959177-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1F0783A3-2158-416B-BDD9-643F721B1626}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{800EDAF1-1082-457F-B4AD-2C91A1C025C9}] => (Allow) LPort=2869
FirewallRules: [{8DF7810F-1273-454F-BA15-E0622C2FFFCA}] => (Allow) LPort=1900
FirewallRules: [{76535DFE-F880-4C09-8DE0-BEDE13443C24}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FC26635E-DF07-4E08-991F-55E57328B383}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{AED41BAC-345B-4A4A-8E97-BDEECD9A1559}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{DD6AF616-0BD5-4A3B-839D-D3500F2FD602}C:\program files (x86)\weprint\weprint server.exe] => (Allow) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [UDP Query User{A3DF5232-A3BC-47DC-9B13-5253602177CC}C:\program files (x86)\weprint\weprint server.exe] => (Allow) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [{9AB00F6B-F207-4200-9EA9-C9DF117096BB}] => (Block) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [{C6459021-BB41-4DAD-94B9-997F28552215}] => (Block) C:\program files (x86)\weprint\weprint server.exe
FirewallRules: [{EC28F18A-22C3-45EB-A37B-87B66A3F0835}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6995019A-7B57-4EEE-ACA1-89BE9DFB3087}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2B8D8B0-87F9-4A69-B251-6C609284FA01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FFD8DE65-E54B-4BE2-988A-486175426DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A06BA78B-D0FD-4DBB-AD68-CE54F65CA034}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{B48E4710-8782-46DB-8FE5-FE0F3FAC0668}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{F97A33B5-2A84-4550-AEA8-AAC29240FCFA}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{F09F7FB6-DA9B-4A06-92B1-999960AF8474}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{23C03C47-A038-4060-873E-BAE0DA75F37E}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{8907AFE2-56EF-430D-8974-D82558CBCFEA}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{DE55FE4F-908D-4414-8CC1-DF04D87EF443}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB0E3A18-921D-4A56-89BE-D29F30087452}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A8E8307-316F-4675-9558-C5BC8623F6D1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{43BB320B-EDEB-4362-8A62-62B00A64114E}] => (Allow) C:\Users\Melanie\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2015 11:26:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 07:42:22 PM) (Source: Chrome) (EventID: 1) (User: Beebe-PC)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.85;lang=;guid=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Melanie\AppData\Local\Google\CrashReports\1a41be9a-268c-4c35-8f3d-884d0e456d7a.dmp

Error: (09/09/2015 04:22:47 PM) (Source: Chrome) (EventID: 1) (User: Beebe-PC)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.85;lang=;guid=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Melanie\AppData\Local\Google\CrashReports\71d41cca-4d93-47cb-80f2-181fe9bdd114.dmp

Error: (09/09/2015 01:45:05 PM) (Source: Chrome) (EventID: 1) (User: Beebe-PC)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.85;lang=;guid=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Melanie\AppData\Local\Google\CrashReports\22ec48c3-b72a-46f8-a2b8-5bfde742baee.dmp

Error: (09/09/2015 09:16:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 03:43:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2015 03:07:56 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (09/08/2015 08:54:05 PM) (Source: Chrome) (EventID: 1) (User: Beebe-PC)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.85;lang=;guid=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Melanie\AppData\Local\Google\CrashReports\aca06182-2eba-4266-b62c-f475e8b99a1d.dmp

Error: (09/08/2015 06:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x2658
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (09/08/2015 06:02:59 PM) (Source: Chrome) (EventID: 1) (User: Beebe-PC)
Description: Chrome has encountered a fatal error.
ver=45.0.2454.85;lang=;guid=;is_machine=0;oop=1;upload=1;minidump=C:\Users\Melanie\AppData\Local\Google\CrashReports\a35329ef-2ffc-42a1-8150-c40bdeb0c703.dmp


System errors:
=============
Error: (09/10/2015 11:43:28 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Error: (09/10/2015 11:42:45 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Error: (09/10/2015 11:23:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (09/10/2015 11:23:42 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/10/2015 11:23:42 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/10/2015 11:23:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/10/2015 11:23:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Interactive Services Detection service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/10/2015 11:23:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/10/2015 11:23:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/10/2015 11:23:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8172.3 MB
Available physical RAM: 5885.91 MB
Total Virtual: 16342.8 MB
Available Virtual: 12901.55 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:1381.04 GB) (Free:661.78 GB) NTFS
Drive e: () (Removable) (Total:0.48 GB) (Free:0.39 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 92815A8C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 493.5 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=494 MB) - (Type=04)

==================== End of Addition.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 AM

Posted 11 September 2015 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2752660347-3678198734-3739959177-1002\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed, click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on the Export TXT button and save the file as RogueReport.txt
  • The file RogueReport.txt will be saved on the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Please run the Farbar tool one more time and post a fresh FRST log for my review.

How is the computer running now?

#5 melbb

Posted 11 September 2015 - 12:15 PM

Thank you for your post. So far, no popups. Can you tell me what was going on? Any reason I need to be concerned about security (passwords and such)? RogueKiller mentioned uploading a file to VirusTotal, which I said yes to, bootstrap.dmp. It was supposedly in the temp folder, but I couldn't find it. Not sure what that was about? Thanks for the help. I really appreciate it.

Here are the logs:

FRST log:

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015
Ran by Melanie (2015-09-11 12:14:27) Run:1
Running from C:\Users\Melanie\Desktop
Loaded Profiles: Melanie (Available Profiles: Melanie & Kirk & Audrey)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2752660347-3678198734-3739959177-1002\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2752660347-3678198734-3739959177-1002\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
EmptyTemp: => 13.5 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 12:18:33 ====
 
RogueKiller report
 
RogueKiller V10.10.4.0 [Sep  4 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Melanie [Administrator]
Started from : C:\Users\Melanie\Desktop\RogueKiller.exe
Mode : Scan -- Date : 09/11/2015 12:34:37
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2752660347-3678198734-3739959177-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=MAGW  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2752660347-3678198734-3739959177-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=MAGW  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2752660347-3678198734-3739959177-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com/?pc=MAGW  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2752660347-3678198734-3739959177-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com/?pc=MAGW  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1 mssplus.mcafee.com
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS723015BLA642 +++++
--- User ---
[MBR] 6c11fa6353f03139f491b488d8cbc06a
[BSP] b8d518725af4391077f1737af927c9ce : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 -  | Offset (sectors): 34 | Size: 128 MB
1 -  | Offset (sectors): 264192 | Size: 100 MB
2 -  | Offset (sectors): 468992 | Size: 16384 MB
3 -  | Offset (sectors): 34023424 | Size: 1414186 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive6: Generic- MicroSD USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
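
Added example, not part of the thread and not code from FRST or RogueKiller: a read-only PowerShell audit that lists what is currently stored in the locations named in the Fixlog and RogueKiller report above, so the values can be reviewed before or after a fix. The HKCU check, the output columns and the helper name New-Finding are assumptions of this example.

```powershell
# Added example: read-only audit, nothing is modified.
# Run from an elevated 64-bit PowerShell prompt (works on PowerShell 2.0 and later).
$findings = @()
function New-Finding($Location, $Name, $Value) {   # hypothetical helper for this example
    New-Object PSObject -Property @{ Location = $Location; Name = $Name; Value = $Value }
}

# 1. Chrome policy keys. FRST flagged HKLM\SOFTWARE\Policies\Google; HKCU is checked as well.
foreach ($root in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (-not (Test-Path $root)) { continue }
    # The key itself plus every subkey, one finding per registry value.
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $findings += New-Finding $key.Name $name ($key.GetValue($name))
        }
    }
}

# 2. Local Group Policy stores that the Fixlog shows being moved.
$gpDirs = 'System32\GroupPolicy', 'System32\GroupPolicyUsers', 'SysWOW64\GroupPolicy'
foreach ($dir in $gpDirs) {
    $path  = Join-Path $env:SystemRoot $dir
    $items = @(Get-ChildItem -LiteralPath $path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($file in ($items | Where-Object { -not $_.PSIsContainer })) {
        $findings += New-Finding $file.FullName 'LastWriteTime' $file.LastWriteTime
    }
}

# 3. UAC prompt behaviour. RogueKiller reported ConsentPromptBehaviorAdmin = 0
#    (0 elevates administrators without prompting; the Windows default is 5).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -ErrorAction SilentlyContinue
if ($uac) {
    $findings += New-Finding $uacKey 'ConsentPromptBehaviorAdmin' $uac.ConsentPromptBehaviorAdmin
}

# 4. Active (non-comment) hosts-file entries; RogueKiller listed one.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in @(Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue)) {
    if ($line -match '^\s*[^#\s]') {
        $findings += New-Finding $hostsFile 'entry' $line.Trim()
    }
}

$findings | Select-Object Location, Name, Value | Format-Table -AutoSize -Wrap
```

An empty table means none of the four locations currently holds a policy value, policy file, UAC override or active hosts entry.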
 


#6 nasdaq

Posted 11 September 2015 - 01:02 PM

bootstrap.dmp. It was supposedly in the temp folder, but I couldn't find it. Not sure what that was about?

This file is created by the operating system when you get a Blue Screen Of Death (BSOD).
It's hidden. If all is well forget about it.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

Posted 17 September 2015 - 09:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



