Unable to Search Internet, Proxy Server in Internet Options Uncheckable. Help!


  • This topic is locked
19 replies to this topic

#1 dixie6000

Posted 29 March 2016 - 03:50 PM

I've been unable to use my laptop computer fully for almost two months now. I have a feeling that when I downloaded an extension for Chrome, a bad malware was attached to it. I cannot access the internet through any of my browsers: Chrome, Firefox, or even the dreaded Internet Explorer. When trying to go to a site in Chrome, the message "this page cannot be displayed because an internal server error has occurred" appears. In the lower left-hand corner, if my homepage does load and I type in a different address, the text "waiting for proxy tunnel" is visible. I've never seen that before and I'm pretty sure that I'm going through a proxy since I have Comcast as my ISP. Another message I would see after attempting to go to a website is "ERR_PROXY_CONNECTION_FAILED." On the rare occasion that I do get to a new webpage, the https is crossed out. When checking to see if it was just Chrome acting up, Firefox would show an error message "the proxy server is refusing connections" or it wouldn't change from the homepage at all. I've done Google searches on fixing the proxy problem and when I checked the LAN settings in the Internet Options, I'm unable to uncheck the "use a proxy server for your LAN" option (greyed out). I don't believe that was checked before, but then again, I had no need to mess with those settings. In order to install programs to help fix this (i.e. Farbar Recovery), I had to use another computer other than mine, copy the download file to a flash drive, then paste it to my desktop. Here is my FRST.txt and I have the addition.txt attached to this. Thank you in advance for all of the help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Dixie (administrator) on DIXIE-PC (28-03-2016 20:22:33)
Running from C:\Users\Dixie\Desktop
Loaded Profiles: Dixie (Available Profiles: Dixie)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(unsightly) C:\Windows\parallel.exe
() C:\Program Files\excellent\unknown.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent, Inc.) C:\Users\Dixie\AppData\Roaming\BitTorrent Sync\BTSync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(windows 99) C:\Program Files\excellent\note.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cutoauto] => C:\Program Files\excellent\unknown.exe [42734 2016-02-11] ()
HKLM\...\Run: [autoauto] => C:\Program Files\excellent\note.exe [39424 2016-02-11] (windows 99)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2485944 2016-03-24] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1491128 2016-03-26] (COMODO)
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\...\Run: [rutoauto] => C:\Program Files\excellent\note.exe [39424 2016-02-11] (windows 99)
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\...\Run: [dutoauto] => C:\Program Files\excellent\unknown.exe [42734 2016-02-11] ()
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\...\Run: [GoogleChromeAutoLaunch_0179E60883E7711365672AA93BCDDE53] => C:\Program Files\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.)
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\...\Run: [BitTorrent Sync] => C:\Users\Dixie\AppData\Roaming\BitTorrent Sync\BTSync.exe [8909816 2016-03-02] (BitTorrent, Inc.)
ShellIconOverlayIdentifiers: [    YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-12-29] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-12-29] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-12-29] (Yandex)
ShellIconOverlayIdentifiers: [    YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-12-29] (Yandex)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!BTSync2.3.0Done] -> {581FFA04-FC33-0000-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_EF.dll [2016-01-30] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.0RO] -> {581FFA03-FC33-0000-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_EF.dll [2016-01-30] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.0RW] -> {581FFA02-FC33-0000-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_EF.dll [2016-01-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2016-03-25]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyEnable: [S-1-5-21-1017554007-2511993129-3492264835-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1017554007-2511993129-3492264835-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [S-1-5-21-1017554007-2511993129-3492264835-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 216.157.209.68 216.157.209.69
Tcpip\..\Interfaces\{22ECC849-68A0-4FB6-8A34-FCF9DA21A43A}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{D6EB10C0-983D-441A-AE1A-723CD0C1DFD0}: [DhcpNameServer] 216.157.209.68 216.157.209.69
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 
FireFox:
========
FF ProfilePath: C:\Users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\3maj1h1b.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-02] (Foxit Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://hotmail.com/
CHR StartupUrls: Default -> "hxxp://hotmail.com/"
CHR Profile: C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-12-01]
CHR Extension: (Google Slides) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-01]
CHR Extension: (Google Docs) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-01]
CHR Extension: (Google Drive) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01]
CHR Extension: (YouTube) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01]
CHR Extension: (Adblock Plus) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08]
CHR Extension: (OneTab) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-03-28]
CHR Extension: (Google Search) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Search by Image (by Google)) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-01-13]
CHR Extension: (Google Sheets) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Pin It Button) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-12-12]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-03-28]
CHR Extension: (Popup Blocker Pro) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiodaajmphnkcajieajajinghpejdjai [2015-12-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-25]
CHR Extension: (Google Mail Checker) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-01]
CHR Extension: (Hover Zoom) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-03-28]
CHR Extension: (Blue Hacker) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggjpnkadjmcbhgnalceaofommieheai [2015-12-01]
CHR Extension: (Gmail) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-01]
CHR Extension: (Enhancer for YouTube™) - C:\Users\Dixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2016-03-02]
CHR HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-20] (IObit)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [76984 2016-03-11] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4542840 2016-03-26] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1670840 2016-03-26] (COMODO)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2016-01-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2016-01-08] (Dropbox, Inc.)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2485944 2016-03-24] (Comodo Security Solutions, Inc.)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-12-01] (IObit)
R2 print; C:\Windows\parallel.exe [9216 2016-02-11] (unsightly) [File not signed]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-12-03] () [File not signed]
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-12-02] (Microsoft Corporation)
S2 elated; C:\Windows\swing.exe [X]
S2 FreemakeVideoCapture; "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe" [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-12-25] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [27488 2016-03-21] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [643032 2016-03-21] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [52312 2016-03-21] (COMODO)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-12-20] (REALiX™)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [102184 2016-03-21] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2015-12-05] ()
S3 catchme; \??\C:\Users\Dixie\AppData\Local\Temp\catchme.sys [X]
S4 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [X]
S3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [X]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-28 20:22 - 2016-03-28 20:23 - 00018849 _____ C:\Users\Dixie\Desktop\FRST.txt
2016-03-28 20:14 - 2016-03-28 20:22 - 00000000 ____D C:\FRST
2016-03-28 20:14 - 2016-03-28 20:04 - 01725440 _____ (Farbar) C:\Users\Dixie\Desktop\FRST.exe
2016-03-28 18:55 - 2016-03-28 18:55 - 00029830 _____ C:\ComboFix.txt
2016-03-28 18:22 - 2016-03-28 18:22 - 01518592 _____ C:\Users\Dixie\Desktop\AdwCleaner.exe
2016-03-28 16:52 - 2016-03-28 16:53 - 00204120 _____ C:\TDSSKiller.3.1.0.9_28.03.2016_16.52.34_log.txt
2016-03-26 13:20 - 2016-03-26 13:20 - 00000000 ____D C:\Program Files\Apple Software Update
2016-03-26 13:13 - 2016-03-26 13:15 - 118414152 _____ (Apple Inc.) C:\Users\Dixie\Downloads\iTunesSetup (1).exe
2016-03-26 13:10 - 2016-03-26 13:10 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-03-25 19:14 - 2016-03-25 19:14 - 00002013 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2016-03-25 19:14 - 2016-03-25 19:14 - 00000000 ____D C:\Program Files\Common Files\COMODO
2016-03-25 18:55 - 2016-03-25 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-25 18:32 - 2016-03-25 18:32 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-03-25 18:32 - 2016-03-25 18:32 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-03-25 18:13 - 2016-03-25 18:13 - 00017388 _____ C:\Users\Dixie\Documents\CisReport_x86_v8.2.0.4792_20160325-181352.zip
2016-03-25 17:41 - 2016-03-25 17:41 - 00000000 ____D C:\Users\Dixie\AppData\Local\GWX
2016-03-25 13:08 - 2016-03-25 13:08 - 00000000 ____D C:\Users\Dixie\AppData\Local\yuntnani
2016-03-20 21:49 - 2016-03-20 21:49 - 00002185 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-03-20 21:49 - 2016-03-20 21:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DIXIE-PC-Windows-7-Ultimate-(32-bit).dat
2016-03-20 21:49 - 2016-03-20 21:49 - 00000000 ____D C:\RegBackup
2016-03-20 21:49 - 2016-03-20 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-03-20 21:49 - 2016-03-20 21:49 - 00000000 ____D C:\Program Files\Tweaking.com
2016-03-20 21:48 - 2016-03-20 21:49 - 00015849 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-03-20 21:41 - 2016-03-20 21:41 - 00051146 _____ C:\Users\Dixie\Desktop\Extras.Txt
2016-03-20 21:40 - 2016-03-20 21:40 - 00166876 _____ C:\Users\Dixie\Desktop\OTL.Txt
2016-03-20 20:56 - 2016-03-20 20:56 - 01529344 _____ C:\Users\Dixie\Downloads\adwcleaner_5.103.exe
2016-03-13 16:04 - 2016-02-12 14:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-13 16:04 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-13 16:04 - 2016-02-12 14:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-13 16:04 - 2016-02-12 14:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-13 16:04 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-13 16:04 - 2016-02-12 14:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-13 16:04 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-13 16:04 - 2016-02-12 14:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-13 16:04 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-13 16:04 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-13 16:04 - 2016-02-12 14:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-13 16:04 - 2016-02-11 14:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-13 16:04 - 2016-02-11 14:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-13 16:04 - 2016-02-11 14:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-13 16:04 - 2016-02-11 14:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-13 16:04 - 2016-02-11 14:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-13 16:04 - 2016-02-11 14:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-13 16:04 - 2016-02-11 14:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-13 16:04 - 2016-02-11 14:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-13 16:04 - 2016-02-11 14:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-13 16:04 - 2016-02-11 14:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-13 16:04 - 2016-02-11 14:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-13 16:04 - 2016-02-11 14:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-13 16:04 - 2016-02-11 14:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-13 16:04 - 2016-02-11 14:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-13 16:04 - 2016-02-11 14:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-13 16:04 - 2016-02-11 14:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-13 16:04 - 2016-02-11 14:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-13 16:04 - 2016-02-11 14:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-13 16:04 - 2016-02-11 14:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-13 16:04 - 2016-02-11 14:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-13 16:04 - 2016-02-11 14:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-13 16:04 - 2016-02-11 14:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-13 16:04 - 2016-02-11 14:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-13 16:04 - 2016-02-11 14:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-13 16:04 - 2016-02-11 13:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-13 16:04 - 2016-02-11 13:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-13 16:04 - 2016-02-11 13:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-13 16:04 - 2016-02-11 13:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-13 16:04 - 2016-02-11 13:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-13 16:04 - 2016-02-11 13:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-13 16:04 - 2016-02-11 13:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-13 16:04 - 2016-02-11 13:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-13 16:04 - 2016-02-11 13:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-13 16:04 - 2016-02-09 05:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-13 16:04 - 2016-02-09 02:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-13 16:04 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-13 16:04 - 2016-02-08 16:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-13 16:04 - 2016-02-08 16:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-13 16:04 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-13 16:04 - 2016-02-08 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-13 16:04 - 2016-02-08 16:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-13 16:04 - 2016-02-08 16:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-13 16:04 - 2016-02-08 16:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-13 16:04 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-13 16:04 - 2016-02-08 16:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-13 16:04 - 2016-02-08 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-13 16:04 - 2016-02-08 16:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-13 16:04 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-13 16:04 - 2016-02-08 16:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-13 16:04 - 2016-02-08 16:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-13 16:04 - 2016-02-08 16:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-13 16:04 - 2016-02-08 16:23 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-13 16:04 - 2016-02-08 16:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-13 16:04 - 2016-02-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-13 16:04 - 2016-02-08 16:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-13 16:04 - 2016-02-08 16:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-13 16:04 - 2016-02-08 16:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-13 16:04 - 2016-02-08 16:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-13 16:04 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-13 16:04 - 2016-02-08 16:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-13 16:04 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-13 16:04 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-13 16:04 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-13 16:04 - 2016-02-08 16:02 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-13 16:04 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-13 16:04 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-13 16:04 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-13 16:04 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-13 16:04 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-13 16:04 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-13 16:04 - 2016-02-04 13:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-13 16:04 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-13 16:04 - 2016-02-03 14:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-13 16:04 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-13 16:04 - 2016-02-03 13:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-13 16:04 - 2012-02-11 01:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-03-13 16:03 - 2016-02-19 14:50 - 00034240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-13 16:03 - 2016-02-19 14:41 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-13 16:03 - 2016-02-19 10:07 - 01206784 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-13 16:03 - 2016-02-11 10:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-13 16:03 - 2016-02-05 10:07 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-13 16:03 - 2016-02-05 10:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-13 16:03 - 2016-02-05 10:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-13 16:02 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-13 16:02 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-13 16:02 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-13 16:02 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-13 16:02 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-13 16:02 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-13 16:02 - 2016-02-05 14:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-13 16:02 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-13 16:02 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-13 16:02 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-13 16:02 - 2016-01-11 14:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-13 16:02 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-13 16:02 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-13 13:57 - 2016-03-13 13:57 - 00000000 _____ C:\Users\Dixie\AppData\Local\{1BDE8D09-86C7-440F-8076-3B4F455C15E1}
2016-03-12 01:56 - 2016-03-12 02:05 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-12 01:56 - 2016-03-12 01:56 - 01524224 _____ C:\Users\Dixie\Downloads\adwcleaner_5.101.exe
2016-03-08 23:43 - 2016-03-08 23:43 - 00010826 _____ C:\Users\Dixie\Documents\CisReport_x86_v8.2.0.4792_20160308-224258.zip
2016-03-08 17:26 - 2016-03-25 13:56 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-08 17:26 - 2016-03-08 17:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-03-08 17:25 - 2016-03-25 19:50 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-06 20:55 - 2015-01-08 19:44 - 00419936 _____ C:\Windows\system32\locale.nls
2016-03-06 20:49 - 2012-07-25 23:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2016-03-06 20:49 - 2012-07-25 23:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2016-03-06 20:49 - 2012-07-25 23:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-03-06 20:49 - 2012-07-25 23:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2016-03-06 20:49 - 2012-07-25 23:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2016-03-06 20:49 - 2012-07-25 22:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2016-03-06 20:49 - 2012-07-25 22:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2016-03-06 20:49 - 2012-06-02 10:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2016-03-06 20:37 - 2015-01-08 22:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2016-03-06 20:37 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2016-03-06 20:37 - 2015-01-08 22:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2016-03-06 20:33 - 2016-03-06 20:33 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-03-06 20:33 - 2016-03-06 20:33 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-03-06 20:33 - 2016-03-06 20:33 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 12877824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-03-06 20:32 - 2016-03-06 20:32 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2016-03-06 20:32 - 2016-03-06 20:32 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2016-03-06 20:32 - 2016-03-06 20:32 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-03-06 20:32 - 2016-03-06 20:32 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2016-03-06 20:32 - 2016-03-06 20:32 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2016-03-06 20:32 - 2016-03-06 20:32 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2016-03-06 20:32 - 2016-03-06 20:32 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2016-03-06 20:32 - 2016-03-06 20:32 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2016-03-06 20:32 - 2016-03-06 20:32 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2016-03-06 20:32 - 2016-03-06 20:32 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2016-03-06 20:32 - 2016-03-06 20:32 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-03-06 20:32 - 2016-03-06 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-03-06 20:32 - 2016-03-06 20:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2016-03-06 20:31 - 2016-03-06 20:31 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-03-06 20:31 - 2016-03-06 20:31 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-06 20:31 - 2016-03-06 20:31 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-03-06 20:31 - 2016-03-06 20:31 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-03-06 20:31 - 2016-03-06 20:31 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2016-03-06 20:31 - 2016-03-06 20:31 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-03-06 20:31 - 2016-03-06 20:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-03-06 20:30 - 2016-03-06 20:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-03-06 20:30 - 2016-03-06 20:30 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2016-03-06 20:30 - 2016-03-06 20:30 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2016-03-06 20:30 - 2016-03-06 20:30 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-03-06 20:29 - 2016-03-06 20:29 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-03-06 20:29 - 2016-03-06 20:29 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-03-06 20:29 - 2016-03-06 20:29 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-03-06 20:29 - 2016-03-06 20:29 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-03-06 20:29 - 2016-03-06 20:29 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-03-06 20:29 - 2016-03-06 20:29 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-03-06 20:29 - 2016-03-06 20:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-03-06 20:29 - 2016-03-06 20:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2016-03-06 20:29 - 2016-03-06 20:29 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2016-03-06 20:29 - 2016-03-06 20:29 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2016-03-06 20:29 - 2016-03-06 20:29 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2016-03-06 20:28 - 2016-03-06 20:28 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2016-03-06 20:28 - 2016-03-06 20:28 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-03-06 20:28 - 2016-03-06 20:28 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2016-03-06 20:28 - 2016-03-06 20:28 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2016-03-06 20:28 - 2016-03-06 20:28 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2016-03-06 20:28 - 2016-03-06 20:28 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2016-03-06 20:28 - 2016-03-06 20:28 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-06 20:28 - 2016-03-06 20:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-06 20:28 - 2016-03-06 20:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2016-03-06 20:28 - 2016-03-06 20:28 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2016-03-06 20:28 - 2016-03-06 20:28 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2016-03-06 20:28 - 2016-03-06 20:28 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2016-03-06 20:28 - 2016-03-06 20:28 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2016-03-06 20:28 - 2016-03-06 20:28 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2016-03-06 20:28 - 2012-12-07 06:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2016-03-06 20:28 - 2012-12-07 06:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2016-03-06 20:27 - 2016-03-06 20:27 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-03-06 20:27 - 2016-03-06 20:27 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2016-03-06 20:27 - 2016-03-06 20:27 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2016-03-06 20:27 - 2016-03-06 20:27 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2016-03-06 20:27 - 2016-03-06 20:27 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2016-03-06 20:27 - 2016-03-06 20:27 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2016-03-06 20:27 - 2016-03-06 20:27 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2016-03-06 20:27 - 2016-03-06 20:27 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2016-03-06 20:27 - 2016-03-06 20:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-03-06 20:27 - 2016-03-06 20:27 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-03-06 20:27 - 2016-03-06 20:27 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-03-06 20:27 - 2016-03-06 20:27 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-03-06 20:27 - 2016-03-06 20:27 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2016-03-06 20:27 - 2016-03-06 20:27 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2016-03-06 19:35 - 2016-03-06 19:35 - 00027359 _____ C:\Users\Dixie\Desktop\combofixscan.txt
2016-03-06 19:15 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-06 19:15 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-06 19:15 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-06 19:15 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-06 19:15 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-06 19:15 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-06 19:15 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-06 19:15 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-06 18:21 - 2016-03-08 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-06 17:12 - 2016-03-06 17:14 - 00205238 _____ C:\TDSSKiller.3.1.0.9_06.03.2016_16.12.35_log.txt
2016-03-02 15:56 - 2016-03-02 15:56 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Dixie\Downloads\mbar-1.09.2.1008.exe
2016-03-02 15:41 - 2016-03-02 15:43 - 00204768 _____ C:\TDSSKiller.3.1.0.9_02.03.2016_14.41.40_log.txt
2016-03-02 00:32 - 2016-03-02 00:32 - 04777232 _____ (Tweaking.com) C:\Users\Dixie\Downloads\tweaking.com_registry_backup_setup.exe
2016-03-01 23:59 - 2016-03-28 18:42 - 05659241 ____R (Swearware) C:\Users\Dixie\Desktop\ComboFix.exe
2016-03-01 23:59 - 2016-03-02 00:00 - 00000000 _____ C:\Users\Dixie\AppData\Local\{53C741AF-C7E9-4FE5-A708-F16C186624CC}
2016-03-01 23:55 - 2016-03-01 17:32 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Dixie\Desktop\tdsskiller.exe
2016-03-01 23:54 - 2016-03-01 17:40 - 00602112 _____ (OldTimer Tools) C:\Users\Dixie\Desktop\OTL.exe
2016-03-01 23:54 - 2016-03-01 17:36 - 01609216 _____ (Malwarebytes) C:\Users\Dixie\Desktop\JRT.exe
2016-03-01 23:01 - 2016-03-06 18:39 - 00000000 ____D C:\Users\Dixie\Desktop\mbar
2016-03-01 23:00 - 2016-03-28 18:32 - 00000000 ____D C:\AdwCleaner
2016-03-01 22:56 - 2016-03-01 23:00 - 00208390 _____ C:\TDSSKiller.3.1.0.9_01.03.2016_21.56.53_log.txt
2016-03-01 22:43 - 2016-03-01 22:43 - 00001559 _____ C:\3116scan.txt
2016-03-01 22:22 - 2016-03-06 18:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-01 22:20 - 2016-03-06 17:30 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-01 22:20 - 2016-03-02 00:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-01 22:20 - 2016-03-01 22:20 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-01 22:20 - 2016-03-01 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-01 22:20 - 2015-10-05 10:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-01 22:20 - 2015-10-05 10:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-28 20:18 - 2016-02-15 14:34 - 00002116 _____ C:\Users\Dixie\Desktop\Google Chrome.lnk
2016-03-28 20:18 - 2016-02-11 20:55 - 00000000 ____D C:\Program Files\Hoistsearch
2016-03-28 20:18 - 2016-01-30 16:27 - 00000000 ____D C:\Users\Dixie\AppData\Roaming\BitTorrent Sync
2016-03-28 20:17 - 2016-01-08 22:27 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-28 20:17 - 2015-12-01 00:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-28 20:17 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-28 20:16 - 2010-11-20 17:01 - 00979906 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-28 20:16 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-03-28 20:13 - 2016-02-14 19:57 - 03218262 _____ C:\Windows\ntbtlog.txt
2016-03-28 18:55 - 2016-02-24 22:26 - 00000000 ____D C:\Qoobox
2016-03-28 18:53 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2016-03-28 18:34 - 2015-12-01 02:06 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2016-03-28 18:26 - 2009-07-14 00:34 - 00026480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-28 18:26 - 2009-07-14 00:34 - 00026480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-28 18:12 - 2016-01-08 22:33 - 00000000 ___RD C:\Users\Dixie\Dropbox
2016-03-28 18:12 - 2016-01-08 22:27 - 00000000 ____D C:\Users\Dixie\AppData\Local\Dropbox
2016-03-28 16:50 - 2016-02-10 14:44 - 00000000 ____D C:\Users\Dixie\AppData\Local\ElevatedDiagnostics
2016-03-28 16:42 - 2016-01-08 22:27 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-28 16:42 - 2015-12-01 00:47 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-26 13:20 - 2015-12-01 19:05 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-26 13:04 - 2016-02-12 21:52 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2016-03-26 13:03 - 2015-12-01 02:10 - 00653984 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-03-26 12:58 - 2015-12-01 02:06 - 00001953 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk
2016-03-26 12:37 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2016-03-25 19:14 - 2015-12-01 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-03-25 18:55 - 2016-01-08 22:27 - 00000000 ____D C:\Program Files\Dropbox
2016-03-25 18:36 - 2016-02-14 22:21 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-25 18:32 - 2016-01-24 16:09 - 00002000 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-03-25 18:32 - 2016-01-24 16:09 - 00001998 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-03-25 18:32 - 2016-01-24 16:09 - 00001988 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-03-25 18:32 - 2016-01-24 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-25 13:58 - 2009-07-14 00:33 - 00414760 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-25 13:34 - 2015-12-04 18:27 - 00000000 ____D C:\Windows\system32\MRT
2016-03-25 13:21 - 2015-12-04 18:27 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-21 15:19 - 2015-11-18 18:14 - 00643032 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2016-03-21 15:19 - 2015-08-05 01:31 - 00102184 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-03-21 15:19 - 2015-08-05 01:31 - 00052312 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-03-21 15:18 - 2015-11-18 18:14 - 00027488 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-03-21 15:17 - 2015-09-03 12:52 - 00461648 _____ (COMODO) C:\Windows\system32\guard32.dll
2016-03-21 15:17 - 2015-08-05 01:29 - 00044000 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-03-21 15:12 - 2015-08-05 01:27 - 00295608 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll
2016-03-21 15:11 - 2015-08-05 01:26 - 00046776 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll
2016-03-13 14:00 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\AppCompat
2016-03-08 18:06 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\tracing
2016-03-08 17:35 - 2015-12-01 00:47 - 00110408 _____ C:\Users\Dixie\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-08 17:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-03-08 17:25 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\Dism
2016-03-08 17:25 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-06 19:26 - 2016-02-24 22:27 - 00000000 ____D C:\Windows\ERDNT
2016-03-06 18:40 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\ModemLogs
2016-03-06 18:16 - 2016-02-12 12:50 - 00000000 ____D C:\Users\Dixie\Documents\Greenpath
2016-03-06 17:02 - 2009-07-14 00:53 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-02 15:38 - 2016-01-31 00:03 - 00000000 ___RD C:\Users\Dixie\YandexDisk
2016-03-01 17:47 - 2015-12-20 19:45 - 00002206 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
 
==================== Files in the root of some directories =======
 
2016-02-14 13:29 - 2016-02-14 13:29 - 6871040 _____ () C:\Program Files\GUTABCA.tmp
2016-02-11 19:51 - 2016-02-11 19:51 - 0000108 _____ () C:\Users\Dixie\AppData\Local\dottmpfile.txt
2016-02-20 20:23 - 2016-02-20 20:25 - 0000000 _____ () C:\Users\Dixie\AppData\Local\{1B526BBC-64DC-454D-B399-2D1BD437ECDA}
2016-03-13 13:57 - 2016-03-13 13:57 - 0000000 _____ () C:\Users\Dixie\AppData\Local\{1BDE8D09-86C7-440F-8076-3B4F455C15E1}
2016-03-01 23:59 - 2016-03-02 00:00 - 0000000 _____ () C:\Users\Dixie\AppData\Local\{53C741AF-C7E9-4FE5-A708-F16C186624CC}
2016-01-02 17:08 - 2016-01-02 17:08 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-25 17:41
 
==================== End of FRST.txt ============================


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:32 AM

Posted 29 March 2016 - 05:24 PM

Hello dixie6000 and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
  

http=127.0.0.1:8877;https=127.0.0.1:8877

Did you make these proxy settings?

========================================

YandexDisk
C:\Program Files\stage
C:\Windows\swing.exe

Do you use this software?


Edited by olgun52, 29 March 2016 - 06:16 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 dixie6000


Posted 29 March 2016 - 06:15 PM

I did not do that proxy setting
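
A defender's triage of the per-protocol proxy value quoted in post #2, added here as an example and not part of the thread or of any tool used in it: it parses the `ProxyServer` string, flags entries that point at loopback, and checks `netstat -ano` output for a listener on that port. The netstat excerpts and PIDs are constructed, and the function names are hypothetical.

```python
"""Triage a WinINET-style ProxyServer value such as the one quoted in the thread."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProxyEntry:
    protocol: str          # "http", "https", ... or "*" when one proxy serves all protocols
    host: str
    port: Optional[int]
    loopback: bool


def is_loopback(host: str) -> bool:
    """True for localhost names and for any address in 127.0.0.0/8 or ::1."""
    name = host.strip("[]").lower().rstrip(".")
    if name == "localhost" or name.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(name).is_loopback
    except ValueError:     # an ordinary DNS name
        return False


def parse_proxy_server(value: str) -> List[ProxyEntry]:
    """Split 'http=h:p;https=h:p' (or a bare 'h:p') into entries."""
    entries = []
    for item in re.split(r"[;\s]+", value.strip()):
        if not item:
            continue
        protocol, sep, target = item.partition("=")
        if not sep:                            # bare host:port applies to every protocol
            protocol, target = "*", item
        target = target.split("://", 1)[-1]    # drop an optional scheme prefix
        m = re.fullmatch(r"(\[[^\]]+\]|[^:]+)(?::(\d+))?", target)
        if not m:
            raise ValueError(f"unparseable proxy entry: {item!r}")
        host = m.group(1)
        port = int(m.group(2)) if m.group(2) else None
        entries.append(ProxyEntry(protocol.lower(), host.strip("[]"), port, is_loopback(host)))
    return entries


def listening_pids(netstat_text: str, port: int) -> List[int]:
    """PIDs with a TCP listener reachable on loopback for `port`, from `netstat -ano` output."""
    pids = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, local_port = fields[1].rpartition(":")
        if local_port == str(port) and (is_loopback(addr) or addr in ("0.0.0.0", "[::]")):
            pids.append(int(fields[4]))
    return pids


def triage(proxy_enable: int, proxy_server: str, netstat_text: str) -> List[str]:
    """One finding per enabled proxy entry that hands traffic to the local machine."""
    findings = []
    if not proxy_enable:
        return findings
    for e in parse_proxy_server(proxy_server):
        if not e.loopback:
            continue
        if e.port is None:
            findings.append(f"{e.protocol}: loopback proxy {e.host} with no explicit port")
            continue
        pids = listening_pids(netstat_text, e.port)
        if pids:
            findings.append(f"{e.protocol}: traffic is handed to local PID {pids[0]} "
                            f"on port {e.port}; identify that process")
        else:
            findings.append(f"{e.protocol}: loopback proxy {e.host}:{e.port} has no listener; "
                            f"connections through it will be refused")
    return findings


# Value quoted in post #2 of the thread.
PAGE_PROXY = "http=127.0.0.1:8877;https=127.0.0.1:8877"

# Constructed `netstat -ano` excerpts (addresses, PIDs and ports other than 8877 are made up).
NETSTAT_ALIVE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    127.0.0.1:8877         0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5120
"""
NETSTAT_DEAD = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
"""

if __name__ == "__main__":
    for text in (NETSTAT_ALIVE, NETSTAT_DEAD):
        for finding in triage(1, PAGE_PROXY, text):
            print(finding)
```

A loopback proxy with no listener matches the "proxy server is refusing connections" symptom from the first post; one with a listener means a local process sits in the path of the browser's traffic.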

#4 olgun52


Posted 29 March 2016 - 06:20 PM

Okay.

YandexDisk
C:\Program Files\stage
C:\Windows\swing.exe

Do you use this software?

====================================

What do you use as a firewall?

 

 

 



 


 


#5 dixie6000


Posted 29 March 2016 - 10:57 PM

I use YandexDisk but I have no idea what the other two software are. As for firewalls, I meant to download one that could replace Windows Firewall and I don't remember if at that time, the firewall was disabled or not.

#6 olgun52


Posted 30 March 2016 - 07:32 AM

Hi dixie6000,

Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

 
 Please do the following,

 

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

  • Programs to remove
    • IObit (SmartDefrag+Driver Booster+Advanced SystemCare+Malware Fighter)
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

And reboot the PC.
======================================================================================

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway"
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click Scan now ("Run as Administrator") and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

==================================================================================

FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

How is the PC running now, and are there any issues?



 


 


#7 dixie6000


Posted 30 March 2016 - 08:31 PM

Currently, I have attached the Zemana report, below is Fixlog.txt, and I am sending you both requested files from my laptop! The https has returned and I don't see the proxy in the lower corner. I do have a Security Warning popping up saying:
 
"You are about to install a certificate from a certification authority (CA) claiming to represent:
DO_NOT_TRUST_FiddlerRoot
 
Windows cannot validate that the certificate is actually from 'DO_NOT_TRUST_FiddlerRoot'. The following number will assist you in this process:
 
Thumbprint (sha1): 012706FD1CD120AE1E048679 8CAB0605 CFFE4F56
 
Warning: if you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click 'Yes' you acknowledge this risk.
 
Do you want to install this certificate?"
 
Should I click "yes" on the warning?
==================================================================================
 
Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Dixie (2016-03-30 20:56:19) Run:1
Running from C:\Users\Dixie\Desktop
Loaded Profiles: Dixie (Available Profiles: Dixie)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
 
start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
Task: {17D4FAFD-826E-46D4-8B57-FA992B189FAA} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {19FB095A-47B4-41A9-B778-46F844F171B5} - \{3DFAF46A-C82D-4916-A773-5E1DACD41BA2} -> No File <==== ATTENTION
Task: {1FDB40F7-6CED-490A-B4C6-A2DE9741FBD0} - System32\Tasks\ASC9_SkipUac_Dixie => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
Task: {249181AA-777E-4082-9445-2DEBB3081D21} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
ask: {49C6E943-39CF-4FB3-B93B-2B25F4E9F2E8} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4F95119B-08FD-4448-AEE0-8BEF0E2E142B} - \Driver Booster SkipUAC (Dixie) -> No File <==== ATTENTION
Task: {53D45867-18D1-4649-A2F5-9C2AA48D4EBA} - System32\Tasks\404962 => C:\Program Files\excellent\note.exe [2016-02-11] (windows 99) <==== ATTENTION
Task: {6382D130-5D81-43A1-9767-3CB22CC03820} - \{75B6E432-32CF-47C7-80A1-6D26A33F0788} -> No File <==== ATTENTION
Task: {6DBAB8CF-A8A4-42AC-BFF4-23EBCB886AF8} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {71AF7CDA-46BF-4BED-91D7-6A569F8F4107} - System32\Tasks\6448398644839864483986448398 => C:\Program Files\excellent\note.exe [2016-02-11] (windows 99) <==== ATTENTION
Task: {7992A1E7-BEF4-43BC-A694-6776A4A6CFE8} - \SmartDefrag4_Startup -> No File <==== ATTENTION
Task: {8778FCBD-8B53-4BAE-85A0-D52AB5FA60DC} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {9C32BDDF-B9DF-4E0D-A4ED-00CB0F92994F} - \SmartDefrag4_Update -> No File <==== ATTENTION
Task: {AC069F57-6BB8-497C-AC4B-C01736AA15A6} - \Uninstaller_SkipUac_Dixie -> No File <==== ATTENTION
Task: {BCB8715B-9F92-47D8-9E5B-4779BC44D12D} - System32\Tasks\47171634 => C:\Program Files\stage\stain.exe <==== ATTENTION
Task: {C8709FA7-EE4C-4142-88DC-AC1F27F45891} - System32\Tasks\245810086 => C:\Program Files\shrill\lewd.exe [2016-02-11] (cagey) <==== ATTENTION
Task: {DEB0552F-6356-452E-98DF-6D567982D98B} - System32\Tasks\utg3023 => C:\Program Files\Hoistsearch\utg3023.exe [2016-03-21] () <==== ATTENTION
Task: {E2D64170-3ADA-4378-A494-EC15E790C229} - System32\Tasks\145810086 => C:\Program Files\shrill\lewd.exe [2016-02-11] (cagey) <==== ATTENTION
Task: {F848963D-4653-4AF6-B662-07C62C4FA85D} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
C:\Program Files\IObit\IObit Malware Fighter\sqlite3.dll
2016-02-11 19:22 - 2016-02-11 19:51 - 00042734 _____ () C:\Program Files\excellent\unknown.exe
2016-03-28 20:18 - 2016-03-28 20:18 - 00011264 _____ () C:\Users\Dixie\AppData\Local\Temp\nskE9A3.tmp\System.dll
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\yk62x86.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Apfiltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd32.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\OEM02Afx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\OEM02Dev.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\OEM02Vfx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\serscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbaapl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\yk62x86.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Desktop\AdwCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\12250082_10153736086073996_8062479241568647359_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\advanced-systemcare-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\advanced-systemcare-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\AirServer-4.1.4-x86.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\AirServer-4.1.4-x86.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\BitTorrent-Sync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Dixie\Downloads\BitTorrent-Sync.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\ChromeSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\ComicRackSetup09176.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\FoxitReader728.1124_prom_enu_Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\FoxitReader728.1124_prom_enu_Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\FreemakeVideoDownloaderFull.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\FreemakeVideoDownloaderFull.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\googledrivesync.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\icloudsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\icloudsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\IObit-Malware-Fighter-Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\IObit-Malware-Fighter-Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\iTunesSetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\iTunesSetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\mbam-setup-org-2.2.0.1024.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\mbam-setup-org-2.2.0.1024.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\mbar-1.09.2.1008.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\mbar-1.09.2.1008.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\netjukebox_6.08.11.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\serviio-1.5.2-win-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\Silverlight.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\Silverlight.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\switchsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\switchsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\tagscan5.1.668setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\TeamSpeak3-Client-win32-3.0.16.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Dixie\Downloads\Tephlon-Funk-Demo.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\tweaking.com_registry_backup_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\vce_exam_simulator_demo_setup.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\VDU_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\vlc-2.2.1-win32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\vlc-2.2.1-win32.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\WD_SmartWare_Installer_2.4.12.1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\YandexDiskSetupEn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dixie\Downloads\YandexDiskSetupEn.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\[kat.cr]kanye.west.the.life.of.pablo.2016.deluxe.edition.mp3.320kbps.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\[kat.cr]mýa.smoove.jones.2016.320kbps.pirate.shovon.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Downloads\[kat.cr]winzip.pro.final.v15.0.serials.chattchitto.rg.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Documents\CompTIA-A-Exam-Objectives-for-220-901-220-902.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dixie\Documents\Tephlon-Funk-Demo.pdf:$CmdZnID [26]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
FirewallRules: [{F8FE266D-20E0-4118-9311-F97F575B0023}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{F2425C98-BEB9-4ABA-937A-820A5C74CCEA}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{AC015EBE-81A9-428C-804A-D82203885BDF}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C1A5541A-2CEA-4376-B404-5A277ACCD750}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{77BA1C2A-8EDD-4589-A014-545669CACAED}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{32CF72E0-4C55-48A8-8456-4261B5B276CA}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{32CF72E0-4C55-48A8-8456-4261B5B276CA}] => (Allow) C:\Program Files\IObit\Driver Booster
FirewallRules: [{32CF72E0-4C55-48A8-8456-4261B5B276CA}] => (Allow) C:\Program Files\IObit
FirewallRules: [{E6D47466-F926-4056-96F5-D5E202C7F8E0}] => (Allow) C:\Users\Dixie\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{A7722383-E074-4B48-BB08-4583300C402E}] => (Allow) C:\Users\Dixie\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{84F7C341-4FB9-498B-90F0-8039CFC335F4}] => (Allow) C:\Program Files\excellent\note.exe
FirewallRules: [{02302D56-22D4-4834-847E-985A61DE91AF}] => (Allow) C:\Program Files\excellent\note.exe
FirewallRules: [{A2EFF3D4-FC33-4C89-9B29-8630D27C1D90}] => (Allow) C:\Program Files\excellent\getcap.exe
FirewallRules: [{574CDA3B-1E26-4EC2-9FD7-9E9F903A7A8B}] => (Allow) C:\Program Files\excellent\getcap.exe
FirewallRules: [{33F72FD4-8035-4DC3-A0DC-52201042C285}] => (Allow) C:\a\winonit.exe
FirewallRules: [{B42EFBEB-2477-45E1-8A7E-1D4D2E69805C}] => (Allow) C:\a\winonit.exe
FirewallRules: [{D222E256-2AA0-41AB-A08B-966037B32AEC}] => (Allow) C:\Program Files\excellent\unknown.exe
FirewallRules: [{96E3CF41-51C1-4C74-B2DD-B070615FB2FF}] => (Allow) C:\Program Files\excellent\unknown.exe
FirewallRules: [{83121748-7CAA-4860-BA4B-A113EFB493FD}] => (Allow) C:\a\0sZCRZGiQFj6hFZ3cNfX-ni-2016-02-11-ni-7123-ni-1.exe
FirewallRules: [{2FBFBBC2-7777-4A1E-8F4C-A079E1A368FF}] => (Allow) C:\a\0sZCRZGiQFj6hFZ3cNfX-ni-2016-02-11-ni-7123-ni-1.exe
(unsightly) C:\Windows\parallel.exe
() C:\Program Files\excellent\unknown.exe
(windows 99) C:\Program Files\excellent\note.exe
HKLM\...\Run: [cutoauto] => C:\Program Files\excellent\unknown.exe [42734 2016-02-11] ()
HKLM\...\Run: [autoauto] => C:\Program Files\excellent\note.exe [39424 2016-02-11] (windows 99)
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\...\Run: [rutoauto] => C:\Program Files\excellent\note.exe [39424 2016-02-11] (windows 99)
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\...\Run: [dutoauto] => C:\Program Files\excellent\unknown.exe [42734 2016-02-11] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.0Done] -> {581FFA04-FC33-0000-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_EF.dll [2016-01-30] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.0RO] -> {581FFA03-FC33-0000-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_EF.dll [2016-01-30] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.0RW] -> {581FFA02-FC33-0000-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_EF.dll [2016-01-30] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyEnable: [S-1-5-21-1017554007-2511993129-3492264835-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1017554007-2511993129-3492264835-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [S-1-5-21-1017554007-2511993129-3492264835-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-20] (IObit)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-12-01] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
S3 catchme; \??\C:\Users\Dixie\AppData\Local\Temp\catchme.sys [X]
S4 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [X]
S3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [X]
S3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-03-25 13:08 - 2016-03-25 13:08 - 00000000 ____D C:\Users\Dixie\AppData\Local\yuntnani
2016-03-13 13:57 - 2016-03-13 13:57 - 00000000 _____ C:\Users\Dixie\AppData\Local\{1BDE8D09-86C7-440F-8076-3B4F455C15E1}
2016-03-01 23:59 - 2016-03-02 00:00 - 00000000 _____ C:\Users\Dixie\AppData\Local\{53C741AF-C7E9-4FE5-A708-F16C186624CC}
2016-03-01 22:43 - 2016-03-01 22:43 - 00001559 _____ C:\3116scan.txt
 C:\Program Files\Hoistsearch
2016-03-28 20:18 - 2016-01-30 16:27 - 00000000 ____D C:\Users\Dixie\AppData\Roaming\BitTorrent Sync
2016-03-28 20:17 - 2016-01-08 22:27 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-28 20:17 - 2015-12-01 00:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 17:47 - 2015-12-20 19:45 - 00002206 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-02-14 13:29 - 2016-02-14 13:29 - 6871040 _____ () C:\Program Files\GUTABCA.tmp
2016-02-11 19:51 - 2016-02-11 19:51 - 0000108 _____ () C:\Users\Dixie\AppData\Local\dottmpfile.txt
2016-02-20 20:23 - 2016-02-20 20:25 - 0000000 _____ () C:\Users\Dixie\AppData\Local\{1B526BBC-64DC-454D-B399-2D1BD437ECDA}
2016-03-13 13:57 - 2016-03-13 13:57 - 0000000 _____ () C:\Users\Dixie\AppData\Local\{1BDE8D09-86C7-440F-8076-3B4F455C15E1}
2016-03-01 23:59 - 2016-03-02 00:00 - 0000000 _____ () C:\Users\Dixie\AppData\Local\{53C741AF-C7E9-4FE5-A708-F16C186624CC}
2016-01-02 17:08 - 2016-01-02 17:08 - 0000057 _____ () C:\ProgramData\Ament.ini
C:\Program Files\stage
C:\Windows\swing.exe
S2 elated; C:\Windows\swing.exe
FirewallRules: [{34E7CB05-3008-4B98-9267-B0EBA88BF7FF}] => (Allow) C:\Program Files\stage\stain.exe
FirewallRules: [{4C4DCD68-7A2D-4A21-96BF-8B157B2B7A8E}] => (Allow) C:\Program Files\stage\stain.exe
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
end
Reboot:
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17D4FAFD-826E-46D4-8B57-FA992B189FAA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17D4FAFD-826E-46D4-8B57-FA992B189FAA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_PerformanceMonitor" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19FB095A-47B4-41A9-B778-46F844F171B5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19FB095A-47B4-41A9-B778-46F844F171B5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3DFAF46A-C82D-4916-A773-5E1DACD41BA2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FDB40F7-6CED-490A-B4C6-A2DE9741FBD0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FDB40F7-6CED-490A-B4C6-A2DE9741FBD0}" => key removed successfully.
C:\Windows\System32\Tasks\ASC9_SkipUac_Dixie => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_Dixie" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{249181AA-777E-4082-9445-2DEBB3081D21}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{249181AA-777E-4082-9445-2DEBB3081D21}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineCore" => key removed successfully.
ask: {49C6E943-39CF-4FB3-B93B-2B25F4E9F2E8} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F95119B-08FD-4448-AEE0-8BEF0E2E142B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F95119B-08FD-4448-AEE0-8BEF0E2E142B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Dixie)" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53D45867-18D1-4649-A2F5-9C2AA48D4EBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53D45867-18D1-4649-A2F5-9C2AA48D4EBA}" => key removed successfully.
C:\Windows\System32\Tasks\404962 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\404962" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6382D130-5D81-43A1-9767-3CB22CC03820}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6382D130-5D81-43A1-9767-3CB22CC03820}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75B6E432-32CF-47C7-80A1-6D26A33F0788}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DBAB8CF-A8A4-42AC-BFF4-23EBCB886AF8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DBAB8CF-A8A4-42AC-BFF4-23EBCB886AF8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71AF7CDA-46BF-4BED-91D7-6A569F8F4107}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71AF7CDA-46BF-4BED-91D7-6A569F8F4107}" => key removed successfully.
C:\Windows\System32\Tasks\6448398644839864483986448398 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6448398644839864483986448398" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7992A1E7-BEF4-43BC-A694-6776A4A6CFE8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7992A1E7-BEF4-43BC-A694-6776A4A6CFE8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag4_Startup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8778FCBD-8B53-4BAE-85A0-D52AB5FA60DC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8778FCBD-8B53-4BAE-85A0-D52AB5FA60DC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C32BDDF-B9DF-4E0D-A4ED-00CB0F92994F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C32BDDF-B9DF-4E0D-A4ED-00CB0F92994F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag4_Update" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC069F57-6BB8-497C-AC4B-C01736AA15A6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC069F57-6BB8-497C-AC4B-C01736AA15A6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Dixie" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BCB8715B-9F92-47D8-9E5B-4779BC44D12D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCB8715B-9F92-47D8-9E5B-4779BC44D12D}" => key removed successfully.
C:\Windows\System32\Tasks\47171634 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\47171634" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8709FA7-EE4C-4142-88DC-AC1F27F45891}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8709FA7-EE4C-4142-88DC-AC1F27F45891}" => key removed successfully.
C:\Windows\System32\Tasks\245810086 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\245810086" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEB0552F-6356-452E-98DF-6D567982D98B} => key not found. 
C:\Windows\System32\Tasks\utg3023 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\utg3023 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2D64170-3ADA-4378-A494-EC15E790C229}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2D64170-3ADA-4378-A494-EC15E790C229}" => key removed successfully.
C:\Windows\System32\Tasks\145810086 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\145810086" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F848963D-4653-4AF6-B662-07C62C4FA85D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F848963D-4653-4AF6-B662-07C62C4FA85D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineUA" => key removed successfully.
C:\Program Files\IObit\IObit Malware Fighter\sqlite3.dll => moved successfully
C:\Program Files\excellent\unknown.exe => moved successfully
C:\Users\Dixie\AppData\Local\Temp\nskE9A3.tmp\System.dll => moved successfully
"C:\Windows\CtDrvIns.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\cumbersome.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\explorer.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\notepad.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\OEM02Cfg.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\OEM02Mon.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\parallel.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\7327143.bat" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aaclient.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\adprovider.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aelupsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aepic.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\aitstatic.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\apphelp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appidapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appidcertstorecheck.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appidpolicyconverter.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appidsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\appinfo.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\audiodg.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AudioEng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AUDIOKSE.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AudioSes.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\audiosrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\authui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\basesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\bcryptprimitives.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\blackbox.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\browcli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\browser.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\capiprovider.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\catsrvut.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cdd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cdosys.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\certenc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\certutil.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cewmdm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\charmap.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ci.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\clfs.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\clfsw32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cngprovider.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\COLORCNV.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\comctl32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\comsvcs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\consent.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\credui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\crypt32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptdlg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptnet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cryptui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cscript.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\CtCamMgr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cximage.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d2d1.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d3d10warp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\davclnt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\devenum.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dfshim.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dhcpcore6.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dhcpcsvc6.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\diagtrack.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dimsroam.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\diskperf.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dns-sd.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dnsapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dnscacheugc.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dnsrslvr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dpapiprovider.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dpnet.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\drmmgrtn.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\drmv2clt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dwmapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dwmcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DWrite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\els.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\EncDump.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\esent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\evr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ExplorerFrame.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\fixmapi.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\FntCache.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\fsutil.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\FWPUCLNT.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\FXSCOVER.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\gameux.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\hccutils.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\hkcmd.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\hpinkcoiC511.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\hpinkinsC511.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\hpinkstsC511LM.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\HPScanTRDrv_EN4500.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\HPWia2_EN4500.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\icardagt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\icardres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ig4dev32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ig4icd32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igd10umd32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igdumd32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igdumdx32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxcfg.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxCoIn_v1930.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxcpl.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxdev.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxdo.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxexps.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxext.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxpers.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxpph.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrara.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrchs.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrcht.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrcsy.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrdan.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrdeu.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrell.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrenu.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxresp.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxress.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrfin.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrfra.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrheb.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrhun.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrita.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrjpn.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrkor.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrnld.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrnor.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrplk.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrptb.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrptg.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrrus.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrsky.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrslv.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrsve.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrtha.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxrtrk.lrc" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxsrvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxsrvc.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxTMM.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igfxtray.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\igxpun.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\IKEEXT.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\imagehlp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\IMJP10K.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\inetcomm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\infocardapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iologmsg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\iphlpsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDBASH.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDRU.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDRU1.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDTAT.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDYAK.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ksproxy.ax" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ksuser.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\localspl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\logman.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mapi32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mapistub.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mcmde.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfc42.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfc42u.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mferror.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfplat.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfpmp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfvdsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MFWMAAEC.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MP3DMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MP43DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MP4SDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mpg2splt.ax" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MPG4DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mscorier.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mscories.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msctf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msdrm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msieftp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msiexec.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msihnd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msimsg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msmmsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msmpeg2adec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msmpeg2vdec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msnetobj.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msscntrs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msscp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mssph.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mssphtb.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mssrch.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mssvp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mstsc.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mstscax.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msvcrt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msxml3.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msxml3r.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msxml6.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msxml6r.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ncsi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\netapi32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\netcorehc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\netevent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nlaapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\notepad.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nshwfp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntshrui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\objsel.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\odbccp32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\odbccr32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\odbccu32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\odbcjt32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\odbctrac.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\OEM02Cvw.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\OEM02Hwx.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\OEM02Pin.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\OEM02Srv.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\oemdspif.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\oleacc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\osk.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\OxpsConverter.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\packager.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcadm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcaevts.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcalua.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcasvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pcawrk.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pku2u.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\poqexec.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\prevhost.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\psisdecd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\psisrndr.ax" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\qasf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\qdvd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\qedit.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\quartz.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rastls.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdpcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdpcorekmts.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdpcorets.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdpudd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdpwsx.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdrmemptylst.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\relog.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RESAMPLEDMO.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RMActivate.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RMActivate_isv.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RMActivate_ssp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RMActivate_ssp_isv.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rrinstaller.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sbe.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\scavengeui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\scesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\schedsvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\scrrun.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sdbinst.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SearchFilterHost.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SearchIndexer.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SearchProtocolHost.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sechost.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\secproc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\secproc_isv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\secproc_ssp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\secproc_ssp_isv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\services.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\setbcdlocale.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\shdocvw.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\shell32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\shimeng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SmartcardCredentialProvider.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\synceng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SysFxUI.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sysmain.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tdh.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\termsrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\timedate.cpl" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tquery.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tracerpt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tsgqec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSWorkspace.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TsWpfWrp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TVWSetup.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\typeperf.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tzres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ubpm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\umpnpmgr.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\usbaaplrc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\user32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\usp10.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\UtcResources.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\VIDRESZR.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Vxdif.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WdfCoInstaller01005.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Wdfres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WebClnt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\webio.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wer.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\win32spl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wincredprovider.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winload.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winlogon.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winresume.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winsta.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wintrust.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMADMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMADMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMALFXGFXDSP.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wmdrmsdk.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wmi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMPhoto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wmpmde.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMSPDMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMSPDMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVDECOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVENCOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVSDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVSENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVXENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Wpc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wpdshext.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wscript.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wshom.ocx" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wshrm.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WSManHTTPConfig.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WSManMigrationPlugin.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WsmAuto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WsmSvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WsmWmiPl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wwanprotdim.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wwansvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\xmllite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\yk62x86.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\afd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\amdsata.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\amdxata.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\Apfiltr.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\appid.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ataport.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\bowser.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\cng.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\Diskdump.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\drmk.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\drmkaud.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\dxgkrnl.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\dxgmms1.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\fs_rec.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\fvevol.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\FWPKCLNT.SYS" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\hidclass.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\hidparse.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\http.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\iaStorV.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\igdkmd32.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mountmgr.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\msiscsi.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ndis.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\netio.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\nvraid.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\nvstor.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\OEM02Afx.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\OEM02Dev.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\OEM02Vfx.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\partmgr.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\PEAuth.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\portcls.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\rdpvideominiport.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\rdpwd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\rmcast.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\RNDISMP.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\serscan.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\srv.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\srv2.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\srvnet.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\storport.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\stream.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tcpip.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tcpipreg.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tdtcp.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tdx.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tssecsrv.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usb8023.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbaapl.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbccgp.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbcir.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbehci.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbhub.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbport.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbuhci.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbvideo.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\wdcsam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\Wdf01000.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\WdfLdr.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\yk62x86.sys" => ":$CmdTcID" ADS not found.
"C:\Users\Dixie\Desktop\AdwCleaner.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\12250082_10153736086073996_8062479241568647359_n.jpg => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\advanced-systemcare-setup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\advanced-systemcare-setup.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\AirServer-4.1.4-x86.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\AirServer-4.1.4-x86.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\BitTorrent-Sync.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\BitTorrent-Sync.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\ChromeSetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\ChromeSetup.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\ComicRackSetup09176.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Dixie\Downloads\FoxitReader728.1124_prom_enu_Setup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\FoxitReader728.1124_prom_enu_Setup.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\FreemakeVideoDownloaderFull.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\FreemakeVideoDownloaderFull.exe => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\googledrivesync.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\icloudsetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\icloudsetup.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\IObit-Malware-Fighter-Setup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\IObit-Malware-Fighter-Setup.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\iTunesSetup (1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\iTunesSetup (1).exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\mbam-setup-org-2.2.0.1024.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\mbam-setup-org-2.2.0.1024.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\mbar-1.09.2.1008.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\mbar-1.09.2.1008.exe => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\netjukebox_6.08.11.zip => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\serviio-1.5.2-win-setup.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\Silverlight.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\Silverlight.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\switchsetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\switchsetup.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\tagscan5.1.668setup.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Dixie\Downloads\TeamSpeak3-Client-win32-3.0.16.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\Tephlon-Funk-Demo.pdf => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\tweaking.com_registry_backup_setup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\tweaking.com_registry_backup_setup.exe => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\vce_exam_simulator_demo_setup.zip => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\VDU_install.exe => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\vlc-2.2.1-win32.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\vlc-2.2.1-win32.exe => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\WD_SmartWare_Installer_2.4.12.1.zip => ":$CmdZnID" ADS removed successfully..
"C:\Users\Dixie\Downloads\YandexDiskSetupEn.exe" => ":$CmdTcID" ADS not found.
C:\Users\Dixie\Downloads\YandexDiskSetupEn.exe => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\[kat.cr]kanye.west.the.life.of.pablo.2016.deluxe.edition.mp3.320kbps.torrent => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\[kat.cr]mýa.smoove.jones.2016.320kbps.pirate.shovon.torrent => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Downloads\[kat.cr]winzip.pro.final.v15.0.serials.chattchitto.rg.torrent => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Documents\CompTIA-A-Exam-Objectives-for-220-901-220-902.pdf => ":$CmdZnID" ADS removed successfully..
C:\Users\Dixie\Documents\Tephlon-Funk-Demo.pdf => ":$CmdZnID" ADS removed successfully..
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice" => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8FE266D-20E0-4118-9311-F97F575B0023} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2425C98-BEB9-4ABA-937A-820A5C74CCEA} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC015EBE-81A9-428C-804A-D82203885BDF} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1A5541A-2CEA-4376-B404-5A277ACCD750} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77BA1C2A-8EDD-4589-A014-545669CACAED} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32CF72E0-4C55-48A8-8456-4261B5B276CA} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32CF72E0-4C55-48A8-8456-4261B5B276CA} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32CF72E0-4C55-48A8-8456-4261B5B276CA} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6D47466-F926-4056-96F5-D5E202C7F8E0} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7722383-E074-4B48-BB08-4583300C402E} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84F7C341-4FB9-498B-90F0-8039CFC335F4} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02302D56-22D4-4834-847E-985A61DE91AF} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2EFF3D4-FC33-4C89-9B29-8630D27C1D90} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{574CDA3B-1E26-4EC2-9FD7-9E9F903A7A8B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33F72FD4-8035-4DC3-A0DC-52201042C285} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B42EFBEB-2477-45E1-8A7E-1D4D2E69805C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D222E256-2AA0-41AB-A08B-966037B32AEC} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96E3CF41-51C1-4C74-B2DD-B070615FB2FF} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83121748-7CAA-4860-BA4B-A113EFB493FD} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FBFBBC2-7777-4A1E-8F4C-A079E1A368FF} => value removed successfully.
C:\Windows\parallel.exe
C:\Windows\parallel.exe => No running process found
C:\Program Files\excellent\unknown.exe
C:\Program Files\excellent\unknown.exe => No running process found
C:\Program Files\excellent\note.exe
C:\Program Files\excellent\note.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cutoauto => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\autoauto => value not found.
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rutoauto => value not found.
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dutoauto => value removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.0Done" => key removed successfully.
"HKCR\CLSID\{581FFA04-FC33-0000-0302-95003A5CDE89}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.0RO" => key removed successfully.
"HKCR\CLSID\{581FFA03-FC33-0000-0302-95003A5CDE89}" => key removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!BTSync2.3.0RW" => key removed successfully.
"HKCR\CLSID\{581FFA02-FC33-0000-0302-95003A5CDE89}" => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully.
AdvancedSystemCareService9 => service removed successfully.
IMFservice => service removed successfully.
LiveUpdateSvc => service removed successfully.
SmartDefragDriver => Service stopped successfully.
SmartDefragDriver => service removed successfully.
catchme => service removed successfully.
FileMonitor => service removed successfully.
RegFilter => service removed successfully.
UrlFilter => service removed successfully.
VGPU => service removed successfully.
C:\Users\Dixie\AppData\Local\yuntnani => moved successfully
C:\Users\Dixie\AppData\Local\{1BDE8D09-86C7-440F-8076-3B4F455C15E1} => moved successfully
C:\Users\Dixie\AppData\Local\{53C741AF-C7E9-4FE5-A708-F16C186624CC} => moved successfully
C:\3116scan.txt => moved successfully
C:\Program Files\Hoistsearch => moved successfully
 
"C:\Users\Dixie\AppData\Roaming\BitTorrent Sync" folder move:
 
Could not move "C:\Users\Dixie\AppData\Roaming\BitTorrent Sync" => Scheduled to move on reboot.
 
C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
"C:\Users\Public\Desktop\Advanced SystemCare 9.lnk" => not found.
C:\Program Files\GUTABCA.tmp => moved successfully
C:\Users\Dixie\AppData\Local\dottmpfile.txt => moved successfully
C:\Users\Dixie\AppData\Local\{1B526BBC-64DC-454D-B399-2D1BD437ECDA} => moved successfully
"C:\Users\Dixie\AppData\Local\{1BDE8D09-86C7-440F-8076-3B4F455C15E1}" => not found.
"C:\Users\Dixie\AppData\Local\{53C741AF-C7E9-4FE5-A708-F16C186624CC}" => not found.
C:\ProgramData\Ament.ini => moved successfully
C:\Program Files\stage => moved successfully
"C:\Windows\swing.exe" => not found.
elated => service removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34E7CB05-3008-4B98-9267-B0EBA88BF7FF} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C4DCD68-7A2D-4A21-96BF-8B157B2B7A8E} => value removed successfully.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-1017554007-2511993129-3492264835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 791.1 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-30 20:59:04)
 
C:\Users\Dixie\AppData\Roaming\BitTorrent Sync => is moved successfully
 
==== End of Fixlog 20:59:04 ====




#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 31 March 2016 - 05:33 PM

Thanks for the logs.
 

Do you want to install this certificate?"
Should I click "yes" on the warning?

You may choose "Yes". Did you notice which software gave the notice?

===========================================================================

Step 1:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Step 2:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 3:
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Have a nice day.
:hello:

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 dixie6000

dixie6000
  • Topic Starter

  • Members
  • 11 posts

Posted 02 April 2016 - 07:46 PM

I apologize for the late reply. When I first turned on my laptop, I had to do all the steps over in order to post with my computer. I did not know what program the notice was from, but the second time I cleaned my computer, the notice didn't appear. Attached is ComboFix.txt and Result.txt with FSS.txt below.

=================================================================================================

 

Farbar Service Scanner Version: 27-01-2016
Ran by Dixie (administrator) on 02-04-2016 at 20:37:34
Running from "C:\Users\Dixie\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****




#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 03 April 2016 - 09:54 AM

Hi dixie6000,
 
Do you use Yandex?
=================================================================================
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\windows\system32\7327143.bat
c:\windows\cumbersome.exe


Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

==============================================================================

 

Please download Farbar Recovery Scan Tool (86Bit) and save it to your desktop.

Start FRST.
Enter Hoistsearch into the Search box.
Hit Search Registry.
When the scan has finished, a Search.txt log is saved at the same location that FRST.exe is located.
Please post it here.


Best regards
 

 


 


#11 dixie6000

dixie6000
  • Topic Starter

  • Members
  • 11 posts

Posted 03 April 2016 - 03:05 PM

I do use Yandex. Here is the search result for c:\windows\system32\7327143.bat: https://www.virustotal.com/en/file/83d76c5e8496988739bbfb56b11d392bfe28b2512143429dcec463c66bb0d966/analysis/1459712708/

 

and the result of c:\windows\cumbersome.exe: https://www.virustotal.com/en/file/d22fbaa7342b522426fe4a122676a015da2064de357e7dd6dd815de8a5cd5e1e/analysis/1459713232/

 

Attached is Search.txt




#12 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 03 April 2016 - 05:57 PM

Hi dixie6000,
 

Step 1:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

:Run CFScript:
Please start by opening Notepad and copy/paste the text in the box into the window:

File::
c:\windows\cumbersome.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\HoistSearch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hoistsearch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Swearware\backup\winsock2\Parameters\AppId_Catalog\012F9CFB]
"AppFullPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\012F9CFB]
"AppFullPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\012F9CFB]
"AppFullPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\012F9CFB]
"AppFullPath"=-

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.


Edited by olgun52, 03 April 2016 - 05:58 PM.

Best regards
 

 


 


#13 dixie6000

dixie6000
  • Topic Starter

  • Members
  • 11 posts

Posted 03 April 2016 - 11:48 PM

Here is the MBAM log and Combo Fix log.
======================================================================================================================
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/3/2016
Scan Time: 8:47 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.03.05
Rootkit Database: v2016.04.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Dixie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315585
Time Elapsed: 20 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.DotDo, C:\Windows\parallel.exe, 2008, Delete-on-Reboot, [d79a109a1683b5813ca2997d877bf30d]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 25
PUP.Optional.DotDo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\print, Quarantined, [d79a109a1683b5813ca2997d877bf30d], 
PUP.Optional.Komodia, HKLM\SOFTWARE\CLASSES\APPID\{25B1494D-230A-42CF-BBF6-EC73868D13DC}, Quarantined, [db9623873465cb6b9d1b30b46b97f50b], 
PUP.Optional.HoistSearch, HKLM\SOFTWARE\HoistSearch, Quarantined, [4d2402a88c0dca6cbe5d0b8e44c06d93], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataContainer, Quarantined, [a2cf604aebae0630f312d1c28c78dd23], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataContainer.1, Quarantined, [eb86f9b197023afcae570c87d82c13ed], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataController, Quarantined, [056cbded9affd1653acbe7ace123659b], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataController.1, Quarantined, [1d548c1eb9e0bb7b719431624bb9fc04], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataTable, Quarantined, [175a6149abee4ceac73ee0b345bf857b], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataTable.1, Quarantined, [145db7f3c7d22016a263553e1fe523dd], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataTableFields, Quarantined, [fd74a4065b3e39fde520583b10f46f91], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataTableFields.1, Quarantined, [bdb41199d2c750e611f4197a47bdb749], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataTableHolder, Quarantined, [adc4c1e9a1f873c356af613206feb64a], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.DataTableHolder.1, Quarantined, [d79a12988f0a5ed89570553ee81cb749], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.LSPLogic, Quarantined, [284996141c7d4cea51b46033c04428d8], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.LSPLogic.1, Quarantined, [94dd4a60980132040302781bce366997], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.ReadOnlyManager, Quarantined, [e68b49611e7b290d2fd6efa401034cb4], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.ReadOnlyManager.1, Quarantined, [86ebfbaf1c7de551be47bad918ecde22], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.WFPController, Quarantined, [234ee3c7801978be43c273204bb9966a], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\zdengineLib.WFPController.1, Quarantined, [e68b6d3d70295dd929dc5f3411f3b050], 
PUP.Optional.Komodia.WnskRST, HKLM\SOFTWARE\CLASSES\APPID\zdengine.EXE, Quarantined, [6908fbaf0e8b38fe8084583b08fccb35], 
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E9EA7921-3006-491A-A648-7D463CCE1719}, Delete-on-Reboot, [e58cf2b86534270fc62d593e5aaae818], 
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F4D05328-8A31-47D1-BA26-62436255A70F}, Quarantined, [4c250aa061383303a5d3c16603009070], 
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\0sZCRZGiQFj6hFZ3cNfX-ni-2016-02-11-ni-7123-ni-1, Quarantined, [00710aa08c0d201689c67eadf70c6799], 
PUP.Optional.PennyBee, HKLM\SOFTWARE\ZDENGINE, Quarantined, [c0b1b7f3a2f78ea84f284e4be123e818], 
PUP.Optional.PennyBee, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\zdengine, Quarantined, [99d8a00a42571b1b9e81d6c3d62ef709], 
 
Registry Values: 3
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E9EA7921-3006-491A-A648-7D463CCE1719}|Path, \6448398644839864483986448398, Delete-on-Reboot, [e58cf2b86534270fc62d593e5aaae818]
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F4D05328-8A31-47D1-BA26-62436255A70F}|Path, \0sZCRZGiQFj6hFZ3cNfX-ni-2016-02-11-ni-7123-ni-1, Quarantined, [4c250aa061383303a5d3c16603009070]
PUP.Optional.PennyBee, HKLM\SOFTWARE\ZDENGINE|data, 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, Quarantined, [c0b1b7f3a2f78ea84f284e4be123e818]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Komodia, C:\Windows\System32\config\systemprofile\AppData\Local\zdengine, Quarantined, [f67b4b5f9504d0660aa54cd9a063619f], 
 
Files: 16
PUP.Optional.DotDo, C:\Windows\parallel.exe, Delete-on-Reboot, [d79a109a1683b5813ca2997d877bf30d], 
PUP.Optional.Komodia.WnskRST, C:\ProgramData\Comodo\Cis\Quarantine\data\{0B07350E-6915-4EDF-9D45-8381B2FC9381}, Quarantined, [561bf2b85742ea4ce334d62814ed1ce4], 
PUP.Optional.Komodia.WnskRST, C:\ProgramData\Comodo\Cis\Quarantine\data\{0FD8B9A3-5316-4F5E-8673-5C60785BEE66}, Quarantined, [94dda406742545f1f91e52acc83945bb], 
PUP.Optional.InstallCore, C:\ProgramData\Comodo\Cis\Quarantine\data\{5D324BC8-8C17-4A71-98D0-AA30EF1F5961}, Quarantined, [6908e1c9f4a5e84e55be18def40da858], 
PUP.Optional.Komodia.WnskRST, C:\ProgramData\Comodo\Cis\Quarantine\data\{770D0703-4E84-4EA1-9B5A-EC42B313EC02}, Quarantined, [9cd5e1c96e2ba5913bdcef0f877a40c0], 
PUP.Optional.DotDo, C:\ProgramData\Comodo\Cis\Quarantine\data\{7E375CB6-3527-40A0-A37C-A7538B7ED4E0}, Quarantined, [5f121892e4b5b0866b73ee282dd531cf], 
PUP.Optional.DotDo, C:\ProgramData\Comodo\Cis\Quarantine\data\{D0B76176-DC62-4C7E-A25B-0155CCC75365}, Quarantined, [f9782189eaaf65d136a8c84e47bba15f], 
PUP.Optional.InstallCore, C:\ProgramData\Comodo\Cis\Quarantine\data\{DBAE5CFB-76BE-46BA-A1FE-BDC0C1EB82D9}, Quarantined, [076abbefb8e1171f54bf985eb74a2ed2], 
PUP.Optional.Komodia.WnskRST, C:\ProgramData\Comodo\Cis\Quarantine\data\{E2770A2B-611D-4FCD-8701-C4C19417DC4D}, Quarantined, [b3bea4068316191d19fec6387c85e41c], 
PUP.Optional.Komodia.WnskRST, C:\ProgramData\Comodo\Cis\Quarantine\data\{FFE00EDE-3E6A-4BD9-8BDD-24944FD6CAAE}, Quarantined, [51203f6b297058de25f2b44afa079967], 
PUP.Optional.DotDo, C:\Program Files\excellent\note.exe, Quarantined, [a4cd38724b4e3501726ce036877bfb05], 
PUP.Optional.DotDo, C:\Program Files\wandering\lewd.exe, Quarantined, [4130cbdfd8c140f62cb2b660a16102fe], 
PUP.Optional.DotDo, C:\Program Files\NewInternet\app.exe, Quarantined, [acc526843c5db2840f4226fa8a78f50b], 
PUP.Optional.DotDo, C:\Windows\cumbersome.exe, Quarantined, [beb3affb3564d6607569d44222e08e72], 
PUP.Optional.Komodia.WnskRST, C:\Windows\System32\zdengineOff.ini, Quarantined, [d79a9d0d96031521d72cace720e415eb], 
PUP.Optional.Komodia, C:\Windows\System32\config\systemprofile\AppData\Local\zdengine\zdengine.ini, Quarantined, [f67b4b5f9504d0660aa54cd9a063619f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
======================================================================================================================
 
ComboFix 16-04-01.01 - Dixie 04/03/2016  22:29:56.8.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3062.1299 [GMT -4:00]
Running from: c:\users\Dixie\Desktop\ComboFix.exe
Command switches used :: c:\users\Dixie\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\cumbersome.exe"
.
.
(((((((((((((((((((((((((   Files Created from 2016-03-04 to 2016-04-04  )))))))))))))))))))))))))))))))
.
.
2016-04-04 02:38 . 2016-04-04 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-03 20:40 . 2016-04-04 01:13 -------- d-----w- c:\users\Dixie\AppData\Roaming\BitTorrent Sync
2016-04-03 02:20 . 2016-04-03 02:20 -------- d-----w- c:\program files\iPod
2016-04-03 02:20 . 2016-04-03 02:20 -------- d-----w- c:\program files\iTunes
2016-03-31 00:44 . 2016-03-31 00:44 -------- d-----w- c:\users\Dixie\AppData\Roaming\ZAM
2016-03-30 21:01 . 2016-03-31 00:26 179960 ----a-w- c:\windows\system32\drivers\zam32.sys
2016-03-30 21:01 . 2016-03-31 00:43 -------- d-----w- c:\program files\Zemana AntiMalware
2016-03-30 21:00 . 2016-03-31 00:26 179960 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2016-03-30 21:00 . 2016-03-30 21:00 -------- d-----w- c:\users\Dixie\AppData\Local\Zemana
2016-03-30 20:42 . 2016-03-30 20:42 -------- d-----w- c:\program files\VS Revo Group
2016-03-29 20:46 . 2016-03-29 20:46 0 ---ha-w- c:\users\Dixie\AppData\Local\BIT7178.tmp
2016-03-29 00:14 . 2016-04-03 20:00 -------- d-----w- C:\FRST
2016-03-26 17:20 . 2016-03-26 17:20 -------- d-----w- c:\program files\Apple Software Update
2016-03-26 17:10 . 2016-03-26 17:10 -------- d-----w- c:\programdata\Comodo Downloader
2016-03-25 23:14 . 2016-04-03 20:45 -------- d-----w- c:\program files\Common Files\COMODO
2016-03-25 22:32 . 2016-03-25 22:32 -------- d-----w- c:\users\Default\AppData\Local\Google
2016-03-25 21:41 . 2016-03-25 21:41 -------- d-----w- c:\users\Dixie\AppData\Local\GWX
2016-03-21 01:49 . 2016-03-21 01:49 -------- d-----w- C:\RegBackup
2016-03-21 01:49 . 2016-03-21 01:49 -------- d-----w- c:\program files\Tweaking.com
2016-03-13 20:03 . 2016-02-19 18:41 958464 ----a-w- c:\windows\system32\aeinv.dll
2016-03-13 20:03 . 2016-02-11 14:07 552960 ----a-w- c:\windows\system32\generaltel.dll
2016-03-13 20:03 . 2016-02-05 14:07 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-03-13 20:03 . 2016-02-05 14:07 591872 ----a-w- c:\windows\system32\invagent.dll
2016-03-13 20:03 . 2016-02-05 14:07 424960 ----a-w- c:\windows\system32\devinv.dll
2016-03-12 05:56 . 2016-03-12 06:05 -------- d-----w- c:\program files\AdwCleaner
2016-03-09 03:55 . 2016-04-04 02:38 -------- d-----w- c:\users\Dixie\AppData\Local\temp
2016-03-08 21:26 . 2016-03-25 17:56 -------- d-----w- c:\windows\system32\appraiser
2016-03-08 21:26 . 2016-03-08 21:26 -------- d-s---w- c:\windows\system32\CompatTel
2016-03-08 21:25 . 2016-03-25 23:50 -------- d-s---w- c:\windows\system32\GWX
2016-03-07 00:49 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2016-03-07 00:49 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2016-03-07 00:49 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2016-03-07 00:49 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2016-03-07 00:49 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2016-03-07 00:49 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2016-03-07 00:49 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2016-03-07 00:41 . 2016-03-07 00:41 -------- d-----w- c:\windows\Migration
2016-03-07 00:37 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
2016-03-07 00:37 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
2016-03-07 00:37 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
2016-03-07 00:33 . 2016-03-07 00:33 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2016-03-07 00:33 . 2016-03-07 00:33 176128 ----a-w- c:\windows\system32\aepic.dll
2016-03-07 00:33 . 2016-03-07 00:33 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2016-03-07 00:33 . 2016-03-07 00:33 844288 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2016-03-07 00:31 . 2016-03-07 00:31 2048 ----a-w- c:\windows\system32\tzres.dll
2016-03-07 00:30 . 2016-03-07 00:30 937984 ----a-w- c:\windows\system32\diagtrack.dll
2016-03-07 00:29 . 2016-03-07 00:29 92160 ----a-w- c:\windows\system32\sechost.dll
2016-03-07 00:29 . 2016-03-07 00:29 364544 ----a-w- c:\windows\system32\tracerpt.exe
2016-03-07 00:29 . 2016-03-07 00:29 82944 ----a-w- c:\windows\system32\logman.exe
2016-03-07 00:29 . 2016-03-07 00:29 40448 ----a-w- c:\windows\system32\typeperf.exe
2016-03-07 00:29 . 2016-03-07 00:29 37888 ----a-w- c:\windows\system32\relog.exe
2016-03-07 00:29 . 2016-03-07 00:29 17408 ----a-w- c:\windows\system32\diskperf.exe
2016-03-07 00:29 . 2016-03-07 00:29 179200 ----a-w- c:\windows\system32\wintrust.dll
2016-03-07 00:29 . 2016-03-07 00:29 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2016-03-07 00:29 . 2016-03-07 00:29 1174528 ----a-w- c:\windows\system32\crypt32.dll
2016-03-07 00:29 . 2016-03-07 00:29 103936 ----a-w- c:\windows\system32\cryptnet.dll
2016-03-07 00:29 . 2016-03-07 00:29 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2016-03-07 00:27 . 2016-03-07 00:27 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2016-03-06 22:21 . 2016-03-08 21:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-04 01:18 . 2016-03-02 02:22 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-04 00:41 . 2016-03-02 02:20 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-04 00:41 . 2016-03-02 02:20 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-04 00:41 . 2016-03-02 02:20 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-21 19:19 . 2015-08-05 05:31 102184 ----a-w- c:\windows\system32\drivers\inspect.sys
2016-03-21 19:19 . 2015-08-05 05:31 52312 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2016-03-21 19:19 . 2015-11-18 22:14 643032 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2016-03-21 19:18 . 2015-11-18 22:14 27488 ----a-w- c:\windows\system32\drivers\cmderd.sys
2016-03-21 19:17 . 2015-08-05 05:29 44000 ----a-w- c:\windows\system32\cmdcsr.dll
2016-03-21 19:17 . 2015-09-03 16:52 461648 ----a-w- c:\windows\system32\guard32.dll
2016-03-21 19:12 . 2015-08-05 05:27 295608 ----a-w- c:\windows\system32\cmdvrt32.dll
2016-03-21 19:11 . 2015-08-05 05:26 46776 ----a-w- c:\windows\system32\cmdkbd32.dll
2016-03-07 00:32 . 2016-03-07 00:32 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2016-03-07 00:32 . 2016-03-07 00:32 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2016-03-07 00:32 . 2016-03-07 00:32 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2016-03-07 00:32 . 2016-03-07 00:32 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-03-07 00:32 . 2016-03-07 00:32 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2016-02-11 23:51 . 2016-02-11 23:22 19 ----a-w- c:\windows\system32\7327143.bat
2016-02-11 23:22 . 2016-02-11 23:22 42734 ----a-w- c:\windows\spotty.exe
2016-02-09 09:24 . 2016-02-09 09:24 59440 ----a-w- c:\windows\system32\offreg.dll
2016-02-05 03:13 . 2016-02-05 03:13 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-02-05 03:13 . 2016-02-05 03:13 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-01-22 06:06 . 2016-02-09 22:54 169984 ----a-w- c:\windows\system32\winsrv.dll
2016-01-22 06:04 . 2016-02-09 22:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:04 . 2016-02-09 22:54 535040 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:02 . 2016-02-09 22:54 114176 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:02 . 2016-02-09 22:54 176128 ----a-w- c:\windows\system32\msorcl32.dll
2016-01-22 06:02 . 2016-02-09 22:54 293888 ----a-w- c:\windows\system32\KernelBase.dll
2016-01-22 05:59 . 2016-02-09 22:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-22 05:01 . 2016-02-09 22:54 271360 ----a-w- c:\windows\system32\conhost.exe
2016-01-22 04:51 . 2016-02-09 22:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-22 04:51 . 2016-02-09 22:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-22 04:51 . 2016-02-09 22:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-22 04:51 . 2016-02-09 22:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-16 18:36 . 2016-02-09 22:54 1413632 ----a-w- c:\windows\system32\ole32.dll
2016-01-12 21:13 . 2016-01-12 21:13 305664 ----a-w- c:\windows\system32\gdi32.dll
2016-01-12 21:13 . 2016-01-12 21:13 509952 ----a-w- c:\windows\system32\qedit.dll
2016-01-12 21:13 . 2016-01-12 21:13 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2016-01-12 21:13 . 2016-01-12 21:13 970240 ----a-w- c:\windows\system32\msmpeg2adec.dll
2016-01-12 21:13 . 2016-01-12 21:13 902144 ----a-w- c:\windows\system32\WMADMOD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 829952 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2016-01-12 21:13 . 2016-01-12 21:13 739328 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 3209728 ----a-w- c:\windows\system32\mf.dll
2016-01-12 21:13 . 2016-01-12 21:13 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 815616 ----a-w- c:\windows\system32\WMADMOE.DLL
2016-01-12 21:13 . 2016-01-12 21:13 740352 ----a-w- c:\windows\system32\wmpmde.dll
2016-01-12 21:13 . 2016-01-12 21:13 728576 ----a-w- c:\windows\system32\mcmde.dll
2016-01-12 21:13 . 2016-01-12 21:13 67584 ----a-w- c:\windows\system32\devenum.dll
2016-01-12 21:13 . 2016-01-12 21:13 665088 ----a-w- c:\windows\system32\WMVXENCD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 609280 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2016-01-12 21:13 . 2016-01-12 21:13 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 519680 ----a-w- c:\windows\system32\qdvd.dll
2016-01-12 21:13 . 2016-01-12 21:13 489984 ----a-w- c:\windows\system32\evr.dll
2016-01-12 21:13 . 2016-01-12 21:13 358400 ----a-w- c:\windows\system32\WMVSENCD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 354816 ----a-w- c:\windows\system32\mfplat.dll
2016-01-12 21:13 . 2016-01-12 21:13 241152 ----a-w- c:\windows\system32\MPG4DECD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 241152 ----a-w- c:\windows\system32\MP43DECD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 206848 ----a-w- c:\windows\system32\qasf.dll
2016-01-12 21:13 . 2016-01-12 21:13 1568768 ----a-w- c:\windows\system32\WMVENCOD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 153600 ----a-w- c:\windows\system32\COLORCNV.DLL
2016-01-12 21:13 . 2016-01-12 21:13 1329664 ----a-w- c:\windows\system32\quartz.dll
2016-01-12 21:13 . 2016-01-12 21:13 1325056 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2016-01-12 21:13 . 2009-07-14 00:07 1202688 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2016-01-12 21:13 . 2016-01-12 21:13 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2016-01-12 21:13 . 2016-01-12 21:13 79872 ----a-w- c:\windows\system32\MP3DMOD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 53248 ----a-w- c:\windows\system32\mfvdsp.dll
2016-01-12 21:13 . 2016-01-12 21:13 5120 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2016-01-12 21:13 . 2016-01-12 21:13 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2016-01-12 21:13 . 2016-01-12 21:13 4608 ----a-w- c:\windows\system32\ksuser.dll
2016-01-12 21:13 . 2016-01-12 21:13 415744 ----a-w- c:\windows\system32\MP4SDECD.DLL
2016-01-12 21:13 . 2016-01-12 21:13 338944 ----a-w- c:\windows\system32\SysFxUI.dll
2016-01-12 21:13 . 2016-01-12 21:13 23040 ----a-w- c:\windows\system32\mfpmp.exe
2016-01-12 21:13 . 2016-01-12 21:13 206848 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2016-01-12 21:13 . 2016-01-12 21:13 2048 ----a-w- c:\windows\system32\mferror.dll
2016-01-12 21:13 . 2016-01-12 21:13 193536 ----a-w- c:\windows\system32\ksproxy.ax
2016-01-12 21:13 . 2016-01-12 21:13 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2016-01-12 21:13 . 2016-01-12 21:13 154112 ----a-w- c:\windows\system32\VIDRESZR.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    YndCase0Sync]
@="{63D48440-63AB-44D0-B323-4731DFCDE9E9}"
[HKEY_CLASSES_ROOT\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}]
2015-12-29 10:51 1293664 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    YndCase1Modified]
@="{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}"
[HKEY_CLASSES_ROOT\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}]
2015-12-29 10:51 1293664 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    YndCase2Error]
@="{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}"
[HKEY_CLASSES_ROOT\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}]
2015-12-29 10:51 1293664 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    YndCase3Shared]
@="{AF8D197E-7022-4c3d-BD88-68AD35C9C169}"
[HKEY_CLASSES_ROOT\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}]
2015-12-29 10:51 1293664 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-02-25 02:38 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-02-25 02:38 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-02-25 02:38 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_0179E60883E7711365672AA93BCDDE53"="c:\program files\Google\Chrome\Application\chrome.exe" [2016-03-31 874136]
"BitTorrent Sync"="c:\users\Dixie\AppData\Roaming\BitTorrent Sync\BTSync.exe" [2016-04-03 8909816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-03-12 25577864]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2016-03-26 1491128]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2016-03-31 12832496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-04-03 164152]
"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2016-03-24 2485944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\COMODO\GeekBuddy\launcher.exe "unit_manager.exe" [2016-3-11 55480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-01-09 136048]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [x]
R2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2015-12-03 327680]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2016-03-26 1670840]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-01-09 136048]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-02-08 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-12-03 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2015-12-02 20256]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2014-12-25 35064]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2016-03-21 27488]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2016-03-21 643032]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2016-03-21 52312]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-12-20 23840]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [2016-03-31 179960]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [2016-03-31 179960]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [2016-04-03 76984]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [2016-03-24 2485944]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [2015-10-28 1042808]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2015-10-28 307576]
S2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [2016-03-31 12832496]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2015-12-05 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ   DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-31 00:00 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-31 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-01-09 02:27]
.
2016-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-01 04:47]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Dixie\AppData\Roaming\Mozilla\Firefox\Profiles\3maj1h1b.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3320)
c:\windows\System32\npmproxy.dll
.
Completion time: 2016-04-03  22:41:35
ComboFix-quarantined-files.txt  2016-04-04 02:41
ComboFix2.txt  2016-04-04 02:17
ComboFix3.txt  2016-04-03 00:05
ComboFix4.txt  2016-03-28 22:55
ComboFix5.txt  2016-04-04 02:28
.
Pre-Run: 507,879,211,008 bytes free
Post-Run: 507,829,219,328 bytes free
.
- - End Of File - - FC4A6FD4F25E1CD55F35BACA5ADFB1B1
A36C5E4F47E84449FF07ED3517B43A31
 


#14 olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:32 AM

Posted 04 April 2016 - 01:58 PM

Hi again,

 

Thanks for the Logs. Please do the following.

 

Step 1:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

1. Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator to launch the application.

2. Open a folder with the name MBAR on the desktop.
3. Find the MBAR folder in the list.
4. Click once.
5. Now click the OK button.
6. Click the OK button again.

7. Then click Next and click on the Update button.
8. Now click on the scan button.

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 2:

RogueKiller scan:

  • Please download and run RogueKiller 32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Best regards
 

 


 


#15 dixie6000

  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:32 PM

Posted 04 April 2016 - 05:24 PM

Hello again! Attached is system-log.txt, mbar.txt, and the RogueKiller report.
