
Corrupt email


  • This topic is locked
63 replies to this topic

#1 tyler4402


Posted 04 December 2015 - 10:24 AM

Windows7 Pro SP1 64 bit build 7601

Power ATX 12v MODEL:750 UB
BIOS Award F3 V600PG

Gigabyte Motherboard H55M-D2H rev 1.4

Intel Core 3.2Gb i3 550 3.2Gb

Resolution 1680 X 1050

Arctic Cooling Freezer 7 Pro rev 2 socket 775, 1156, 1366, A2 AM3 Heat-pipe

Memory 8Gb slot A0 & A2

Nvidia GeForce GTS 450

Controller Intel 3400 2port ATA- 3B26

Wireless network TP-Link 150Mps PCI Adapter

Sound Realtek HD Audio

256 Gb SSD with Operating System

500Gb General storage drive

250Gb photo storage drive

Comodo firewall

Avast anti virus

 

Hi all

   I opened an email from a friend & clicked on a web link he sent. It was not of interest so I zapped it, but ever since, when I send a mail either to my friends or to myself, multiple emails are received which Windows cannot open, or the mails are scrambled. I did note that a test .jpeg I sent to myself arrived as "Windows cannot open this file" > File: test Pic P1050436.JPG[30_40].dat file <

 

I mentioned the prob to my pal who has my email address and he said that he had not sent me any email. I now get mails (which I don't open) containing spurious web links from several people who are in his wife's iPad address book, so there must be a link between this group of people, the iPad, and my pal's PC, although after I informed him of the problem he had his PC checked out and nothing was found. I have also run scans using JRT, ADWCleaner, Malwarebytes, and Sophos, again with nothing being found.

The attached are scans by FRST. Any help most welcome, regards Robert.



Edited by tyler4402, 04 December 2015 - 10:25 AM.



 


#2 olgun52


Posted 04 December 2015 - 02:00 PM

Hello tyler4402 and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Sincerely

:hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52


Posted 04 December 2015 - 04:18 PM

Hi tyler4402,
 
Such mails should not be opened. You need to be careful. I guess there is something harmful on this friend's computer. Please tell him that.
============================
You are using too much security software. This is needless.
=====================================================================================
Uninstall/remove all entries related to IObit; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product. Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/
-----------------------------------------------------------------
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
=====================================================================================
Please do the following,
Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

After completing uninstalls, please manually reboot your machine!
:step1:    If you get the message like: An error occurred while trying to uninstall, just press Yes.
:step2:    If you are unable to uninstall all programs, please inform me, but continue with other steps.
====================================================================================

C:\18 Draft letters in progress
C:\22 Letters for later use

Do you recognize these?
==============================================================
Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS Hosts file, that restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.
===================================================================================
Let me know when you get that done


Best regards
 
If I don't reply within 24 hours please PM me!
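
The hosts-file blocking described in the post above (known bad sites mapped to 127.0.0.1) can be checked once the file has been replaced. The Python below is an added example, not part of the original posts or of the MVPS package; the sample entries, function names and report layout are constructed for illustration. It lists the names the file blocks and flags any entry that sends a name to a non-local address, which is what a tampered hosts file looks like.

```python
import ipaddress
import os

# Constructed sample (reserved example domains and a documentation IP),
# not an excerpt from the real MVPS list.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.com      # blocked, MVPS style
0.0.0.0      tracker.example.net stats.example.net
203.0.113.7  login.example.org    # points off-box: needs review
bogus        broken.example.org
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every mapping line."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line:
            fields = line.split()
            yield line_no, fields[0], [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Sort hosts entries into blocked, redirected and malformed."""
    report = {"blocked": set(), "redirected": {}, "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append(line_no)
            continue
        if not names:
            report["malformed"].append(line_no)
            continue
        # 127.0.0.1, ::1 and 0.0.0.0 never leave the local machine.
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if local and name == "localhost":
                continue  # the normal localhost entry, not a block
            if local:
                report["blocked"].add(name)
            else:
                # A name pinned to a remote address bypasses DNS;
                # treat it as suspicious until explained.
                report["redirected"][name] = str(ip)
    return report


def is_blocked(report, hostname):
    """Exact-name lookup: the hosts file has no wildcard matching."""
    return hostname.lower().rstrip(".") in report["blocked"]


if __name__ == "__main__":
    # Standard Windows location; falls back to the sample elsewhere.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.isfile(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    result = audit_hosts(text)
    print("blocked names   :", len(result["blocked"]))
    print("malformed lines :", result["malformed"])
    for name, ip in sorted(result["redirected"].items()):
        print("REVIEW: %s -> %s" % (name, ip))
```

Because the hosts file matches whole names only, a blocked ads.example.com does not cover cdn.ads.example.com; each name has to be listed.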

 


 


#4 tyler4402


Posted 05 December 2015 - 07:15 AM

Hi Olgun52

    Thanks for your help, I note that you are in Istanbul a city I like, especially the trams, next time I will bring my fishing rod ;-)

I have uninstalled the programs you have highlighted and afterwards I rebooted the PC but I did not do a reg clean as I usually do after an uninstall.

It is a pity IObit is a suspect program as it does work very well, and I have not found another defrag program as good.

The host file downloaded into a "Downloads" folder so I put a shortcut on the d/top. Anyway, I opened the folder and opposite clicked on the MVPS file, which prompted "press any key"; nothing seemed to happen.

 

"C:\18 Draft letters in progress

C:\22 Letters for later use"

 

These are folders I created as text in progress (or letters I am working on) and pre-written letters saved for posting at a later date.

Best regards Robert.


Edited by tyler4402, 05 December 2015 - 08:27 AM.


#5 olgun52


Posted 06 December 2015 - 03:43 PM

Hi tyler4402,

Thanks for your help, I note that you are in Istanbul a city I like, especially the trams, next time I will bring my fishing rod ;-)

Ohh, super. Fishing rod and fish. There are usually amateur fishermen on the Galata Bridge. :thumbup2:
 

I did not do a reg clean as I usually do after an uninstall.

Registry cleaner software:
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System.
  • Registry tools can, as a result of the above, render your PC inoperable.

This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side. If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using such programs, please take a look here.
======================================================================================
Step 1:
 FRST Script:
 Please download the attached Fixlist.txt (58.63KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [screenshot: Ashampoo_Snap_20140819_13h09m50s_001__zp]
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

zoekscript.txt (188 bytes)

  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon - this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 6:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Edited by olgun52, 06 December 2015 - 03:47 PM.


 


 


#6 tyler4402


Posted 06 December 2015 - 06:53 PM

Hi again, FRST Fix log, step 2 to follow, regards Robert

 

CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1939963696-4030184169-1170455680-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1939963696-4030184169-1170455680-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Robert\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {D93DE821-E742-4D93-92EE-E92C832E6D5E} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-11-22] (IObit)
Task: {EC3DC5B2-95A1-492E-AE62-EF059F080746} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-11-22] (IObit)
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RltkAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SmartDefragBootTime.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRCOM64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRRPTR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01011.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\YamahaAE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AVEQT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AVERM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CNC_ATL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CNC_ATU.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\CNHMCA.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comct232.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GplMpgDec.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IObitSmartDefragExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mousewheel.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Parser.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscomct2.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp110.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\richtx32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RltkAPO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SRCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssubtmr6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\trayicon_handler.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WISPTIS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\athrx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\point64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SmartDefragDriver.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Trufos.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID
AlternateDataStreams: C:\Users\Robert\Downloads\27 Northern Rail network map.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Robert\Downloads\347.88-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID
AlternateDataStreams: C:\Users\Robert\Downloads\350.12-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID
AlternateDataStreams: C:\Users\Robert\Downloads\350.12-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID
AlternateDataStreams: C:\Users\Robert\Downloads\360TSE_Setup_6.0.0.1021.exe:$CmdTcID
AlternateDataStreams: C:\Users\Robert\Downloads\360TSE_Setup_6.0.0.1021.exe:$CmdZnID
AlternateDataStreams: C:\Users\Robert\Downloads\65BC.tmp:$CmdTcID
AlternateDataStreams: C:\Users\Robert\Downloads\A9FF.tmp:$CmdTcID
AlternateDataStreams: C:\Users\Robert\Downloads\adwcleaner_5.021.exe:$CmdTcID
AlternateDataStreams: C:\Users\Robert\Downloads\adwcleaner_5.021.exe:$CmdZnID
AlternateDataStreams: C:\Users\Robert\Downloads\AntiLoggerFree_Setup_1.7.2.390.exe:$CmdTcID
AlternateDataStreams: C:\Users\Robert\Downloads\AntiLoggerFree_Setup_1.7.2.390.exe:$CmdZnID
AlternateDataStreams: C:\Users\Robert\Downloads\AspNetMVC3.msi:$CmdZnID
AlternateDataStreams: C:\Users\Robert\Downloads\avc-free.exe:$CmdTcID
AlternateDataStreams: C:\Users\Robert\Downloads\avc-free.exe:$CmdZnID
AlternateDataStreams: C:\Users\Robert\Downloads\avc-setup-5.7.7.exe:$CmdTcID
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg/VX3000
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1939963696-4030184169-1170455680-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-1939963696-4030184169-1170455680-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-20]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2015-01-25] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2015-01-25] (BitDefender S.R.L.)
2015-11-22 10:00 - 2015-11-30 09:35 - 00000000 ____D C:\ProgramData\ProductData
2015-11-22 09:59 - 2015-11-22 09:59 - 00003188 _____ C:\Windows\System32\Tasks\SmartDefrag4_Startup
2015-11-22 09:58 - 2015-11-22 09:58 - 07942416 _____ (IObit ) C:\Users\Robert\Downloads\smart-defrag-setup (3).exe
2015-11-21 11:22 - 2015-11-21 11:24 - 139081520 _____ (Sophos Limited) C:\Users\Robert\Downloads\Sophos Virus Removal Tool (2).exe
C:\ProgramData\Package Cache
C:\Users\Robert\Downloads\A9FF.tmp
2014-12-28 17:04 - 2014-12-28 17:04 - 0033193 _____ () C:\Users\Robert\AppData\Roaming\UserTile.png
2014-12-31 14:08 - 2014-12-31 14:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
Reboot:
 



#7 tyler4402


Posted 07 December 2015 - 04:45 AM

Steps 2 - 3 and 4

# AdwCleaner v5.023 - Logfile created 07/12/2015 at 00:31:10
# Updated 30/11/2015 by Xplode
# Database : 2015-12-06.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Robert - BLACKBESS
# Running from : C:\Users\Robert\Downloads\adwcleaner_5.023.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [593 bytes] ##########

Step 3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64
Ran by Robert (Administrator) on 07/12/2015 at 0:37:45.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/12/2015 at 0:53:53.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 4

 

 

---\\ Explorer ( File, Folder) (3)
FOUND folder: C:\Windows\Installer\MSI8C03.tmp- =>Empty
FOUND folder: C:\Windows\Installer\MSIF0F9.tmp- =>Empty
FOUND folder: C:\Windows\Installer\MSIF722.tmp- =>Empty



---\\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.



---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)



---\\ Statistics
~ Items scanned : 99047
~ Items found : 4
~ Items cancelled : 0
~ Items repaired : 0



~ End of search in 5 minutes
===================
ZHPCleaner-[S]-07122015-09_33_17.txt

 

The ZHP scan asked if I used a proxy server, I didn't know but said yes, I was also asked if I had installed 156.154.70.22.156.151.71.22, I am not sure what this address is so I said yes, and again the scan continued.



#8 tyler4402


Posted 07 December 2015 - 08:34 AM

Step 5

 

    

 
Zoek.exe v5.0.0.1 Updated 05-December-2015
Tool run by Robert on 07/12/2015 at  9:51:03.94.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Robert\Downloads\zoek.exe
Script used: C:\Users\Robert\Downloads\zoekscript.txt
 
==== System Restore Info ======================
 
07/12/2015 09:53:37 Zoek.exe System Restore Point Created Successfully.
 
==== Reset Hosts File ======================
 
# Copyright © 1993-2006 Microsoft Corp. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# For example: 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Amor AVI DivX MPEG to VCD SVCD DVD Creator & Burner deleted successfully
C:\PROGRA~2\IObit deleted successfully
C:\PROGRA~2\onOne Software deleted successfully
C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\Program Files\onOne Software deleted successfully
C:\PROGRA~3\360Quarant deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\CanonIJPLM deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Nalpeiron deleted successfully
C:\Users\Robert\AppData\Local\Adobe deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1939963696-4030184169-1170455680-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\wx1zkai9.default\prefs.js:
 
Added to C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\wx1zkai9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
Deleted from C:\Users\Robert\AppData\Roaming\TomTom\HOME\Profiles\rponddm1.default\prefs.js:
 
Added to C:\Users\Robert\AppData\Roaming\TomTom\HOME\Profiles\rponddm1.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
Deleted from C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\67vzvfag.default\prefs.js:
 
Added to C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\67vzvfag.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Amor AVI DivX MPEG to VCD SVCD DVD Creator & Burner not found
C:\PROGRA~2\IObit not found
C:\PROGRA~2\onOne Software not found
C:\PROGRA~2\TomTom DesktopSuite not found
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-1939963696-4030184169-1170455680-1000 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\wx1zkai9.default\jetpack deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\Dashlane.exe" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\DashlanePlugin.exe" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.5.2.94798.dll" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}" deleted
"C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\wx1zkai9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
ProfilePath: C:\Users\Robert\AppData\Roaming\TomTom\HOME\Profiles\rponddm1.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\67vzvfag.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26/09/2015 08:04]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"jetpack-extension@dashlane.com"="C:\Users\Robert\AppData\Roaming\Dashlane\3.5.2.94798\Extensions\JetPack_expanded\jetpack-extension@dashlane.com" []
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Robert\AppData\Roaming\TomTom\HOME\Profiles\rponddm1.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.7.903.9183@tomtom.com
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\67vzvfag.default
D74FB6B9BE33E87CBBB97FA3EECBB1BE - C:\Users\Robert\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll - Epic Privacy Browser Update
 
Profilepath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\wx1zkai9.default
F114FBA6246530B89DD1E04351E0EAC5 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash
D74FB6B9BE33E87CBBB97FA3EECBB1BE - C:\Users\Robert\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll - Epic Privacy Browser Update
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20/04/2015 22:48]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]
 
Proxy Service - Robert\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\bfnhnefchjpncddinphaaghojhkdiicd
Encrypted Connection Preference - Robert\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\gldbhgnhlaiagaifjoilpoldndcgnkfd
Umbrella Button - Robert\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\lnbljomoelmhegncbidenhndbelgdahg
Epic Filter - Robert\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\ojmkmloghldahkpgloknaapbpembjija
Rapport - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
Dashlane - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg
Avast Online Security - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Rapport - Robert\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
Avast Online Security - Robert\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
 
==== Chromium Startpages ======================
 
C:\Users\Robert\AppData\Local\Epic Privacy Browser\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ]
 
 
==== Chromium Fix ======================
 
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage deleted successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage-journal deleted successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
 
==== Reset Google Chrome ======================
 
C:\Users\Robert\AppData\Local\Epic Privacy Browser\User Data\Default\Preferences was reset successfully
C:\Users\Robert\AppData\Local\Epic Privacy Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Robert\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data was reset successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1939963696-4030184169-1170455680-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
HKEY_USERS\S-1-5-21-1939963696-4030184169-1170455680-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
HKEY_USERS\S-1-5-21-1939963696-4030184169-1170455680-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully
HKEY_USERS\S-1-5-21-1939963696-4030184169-1170455680-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-1939963696-4030184169-1170455680-1000\Software\Mozilla\Firefox\Extensions\jetpack-extension@dashlane.com deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdAwareTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auslogics BoostSpeed 4 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\67vzvfag.default\cache2 emptied successfully
C:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\wx1zkai9.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Robert\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=2023 folders=244 138071197 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Robert\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Robert\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 07/12/2015 at 13:19:26.91 ======================

Step 6 to follow.

Best Regards, Robert


#9 tyler4402


Posted 07 December 2015 - 12:36 PM

Step 6

As instructed in step 6 the last file is attached, however there have been some anomalies, one of the scans asked if I had installed this server " 156.154.70.22.156.151.71.22" and when running the Zoek scan a message said "Das21 has stopped working" I do not know what Das 21 is?

 

Unfortunately it has taken some time to get back on the Bleeping Computer site as Zoek has uninstalled my DashLane password manager, and with it my passwords to many web sites.

 

On boot up my Rapport added a text box saying "Another program on your PC added an extension which may change how Chrome works"

 

That's all for now, regards Robert.

 

 

 

 

 

 




#10 tyler4402


Posted 08 December 2015 - 06:03 AM

Hi again Olgun52

 

      One more point, since the Zoek scan the Auto Play txt box keeps appearing it looks unstable as it flickers quickly, and in its General Options notification area of the box "Open folder to review files" is highlighted, but when I click on the txt or the X to close the Auto Play box down, nothing happens and it adds another link to the expanding menu which shows when I hover the cursor over the explorer icon, I am having trouble getting rid of it as the Auto Play box keeps coming back.

 

Regards Robert  


Edited by tyler4402, 08 December 2015 - 06:17 AM.


#11 olgun52

Posted 09 December 2015 - 04:46 AM

Hi Robert,

My apologies for the delay. I've had family obligations to tend to.

====================================================

I understand. You do not use a proxy.

 

> As instructed in step 6 the last file is attached, however there have been some anomalies, one of the scans asked if I had installed this server " 156.154.70.22.156.151.71.22" and when running the Zoek scan a message said "Das21 has stopped working" I do not know what Das 21 is?

Java software. No problem.

--------------

Your Auto Play issues may be related to Java.

> Unfortunately it has taken some time to get back on the Bleeping Computer site as Zoek has uninstalled my DashLane password manager, and with it my passwords to many web sites.

Sorry. Please install it again.
===========================================================
Step 1 is not successful.
Please read the instructions again and then run the Fixlist script again. Please write if there is a point you do not understand.

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt (58.63KB, 3 downloads) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

=================================================================

Java update:
Updating Java and Clearing Cache:

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 66
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 tyler4402

Posted 09 December 2015 - 06:49 AM

Hi Yilmaz, hope the family are ok

 

Sorry I don't know if I have a proxy server or not, I'm not sure what a proxy is?

 

I downloaded the FixList.txt and slid it into the FRST64.exe folder, I could not find anything which gave me Admin Privileges so pressed the Fix button, then I got a warning box with

 

" Error Saving File

C:\FRST\HIVES\BCD!

Continue with next file?

[RegCreateKeyEx:5-Access Denied

 

I will continue with the JRE8, I actually thought that I had uninstalled the Java program after a safety warning 



#13 olgun52

Posted 09 December 2015 - 04:11 PM

Hi Robert,

 

Farbar Recovery Scan Tool (FRST) (x64 Bit)

 

Note: You need to run the version compatible with your system.
Your system is 64-bit. Okay!

 

Download Now 64-Bit Version

 

And please run as Administrator.

 

 

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#14 tyler4402

Posted 10 December 2015 - 02:51 PM

Hi Yilmaz

All my downloaded files are automatically downloaded to the same "Downloads" folder and not to the desktop, so I don't get the option of saving to the desktop.

 

When the instructions say "Please download this attached  Fixlist.txt  58.63KB 3 downloads and save it in the same directory as FRST"

 

I don't see 3 files, just the Fixlist.txt

 

Run as administrator??

I am not sure if the file automatically starts with Administrator Privileges as there is nothing obvious to confirm it.

The instructions say > “Save it (Fixlist) in the same directory as FRST”

I have run the FRST64.exe file from the “Downloads” folder which also has the Fixlist in it, this step you say has failed, I have also tried to slide the Fixlist file into the Frst64.exe file which when done automatically starts the program, but before I can press FIX another box opens with the words

"Error Saving File

C:\FRST\HIVES\BCD!

Continue with next file?

[RegCreateKeyEx:5-Access denied"

 

I have not done anything with the Java as yet, as I deleted the Java program some time ago after a safety warning, do I really need this Java program?



#15 olgun52

Posted 10 December 2015 - 07:34 PM

Hi Robert,
 

> All my downloaded files are automatically downloaded to the same "Downloads" folder and not to the desktop, so I don't get the option of saving to the desktop.

The problem is your browser settings. You can edit the settings. Or you can cut the software and paste it on the desktop.

==================

> I deleted the Java program some time ago after a safety warning,
> do I really need this Java program?

I think, you can fix, your get the error the problem

============================================

> When the instructions say "Please download this attached  Fixlist.txt  58.63KB 3 downloads and save it in the same directory as FRST" I don't see 3 files, just the Fixlist.txt

 

 FRST Script:
 Please download the attached Fixlist.txt (58.63KB) and save it in the same directory as FRST.

  • Fixlist and FRST software must be on the desktop
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Best regards
 
If I don't reply within 24 hours please PM me!
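
The "run as Administrator" step and the "RegCreateKeyEx:5-Access Denied" error discussed above, as an added example that is not part of the thread and not FRST's own code: a PowerShell pre-flight check that confirms FRST64.exe and Fixlist.txt sit together on the Desktop and then starts FRST elevated. The Desktop location follows the last set of instructions; the variable and function names are assumptions made for illustration.

```powershell
# Added example, not from the thread. Assumes both files were saved to the
# current user's Desktop, as the last set of instructions asks.
$toolDir = [Environment]::GetFolderPath('Desktop')
$frst    = Join-Path $toolDir 'FRST64.exe'
$fixlist = Join-Path $toolDir 'Fixlist.txt'

function Test-IsElevated {
    # True only when this process holds an elevated administrator token (UAC).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$problems = @()
foreach ($file in $frst, $fixlist) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        $problems += "Missing: $file"
    }
}

# A repeated download is usually saved under a new name such as
# "Fixlist (1).txt"; list any such copies so the right file gets used.
$copies = @(Get-ChildItem -Path $toolDir -Filter 'Fixlist*.txt' -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne 'Fixlist.txt' })
foreach ($copy in $copies) { $problems += "Extra copy: $($copy.FullName)" }

# FRST64.exe is the 64-bit build, so confirm the OS is 64-bit.
$is64 = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
if (-not $is64) { $problems += 'This is not a 64-bit Windows installation' }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    return
}

if (Test-IsElevated) {
    Start-Process -FilePath $frst -WorkingDirectory $toolDir
} else {
    # Error 5 in "RegCreateKeyEx:5-Access Denied" is ERROR_ACCESS_DENIED.
    # The RunAs verb requests elevation through the UAC prompt.
    Start-Process -FilePath $frst -WorkingDirectory $toolDir -Verb RunAs
}
```

Run it from a saved .ps1 file; if the shell is not already elevated, Windows shows the UAC consent prompt before FRST opens.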

 


 




