
Firefox has stopped working


  • This topic is locked
18 replies to this topic

#1 Bulova


Posted 08 February 2017 - 11:13 AM

Hello, I am having a problem with my Firefox browser and I think it could be due to malware or perhaps a hijack of some kind, I do not know. I have tried everything. A few weeks ago, when I opened up my Firefox, the first thing that I noticed was that my bookmark toolbar was not showing up anymore. The second thing I noticed was that I could not visit any web pages at all. This problem has persisted after: 

- Completely uninstalling, running CCleaner to clear the registry, and reinstalling: after I did this, the only way that I could open and use Firefox was by clicking the Refresh Firefox button. The problem is, every time I launch Firefox, I have to click this button, which restarts it again and it works only for the length of the browser session.

- Running a full scan with MalwareBytes: it found a PuP called GeekBuddy

- Running a full scan with BitDefender which found nothing

- Running a full scan with Super Anti-Spyware, which found some Flash tracking software

- Running a full scan with Adwcleaner, which found about six things and I cleared them all.

- TDSSKiller, which found one thing and I quarantined it.

After each scan, I repeated the uninstall, the CCleaner, the reinstall. I even went through my hard drive manually looking for any Firefox files and deleting everything.

Can you help me? This is so frustrating, I feel like I have some malware or spyware or a virus.

Thanks in advance,

Z.

=========================FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Hothen (administrator) on HOTHEN-HP (08-02-2017 08:00:08)
Running from C:\Users\Hothen\Downloads
Loaded Profiles: Hothen (Available Profiles: Hothen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Hothen\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-02-10] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-27] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2017-01-20] (Piriform Ltd)
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [Google Update] => C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [Spotify Web Helper] => C:\Users\Hothen\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-11] (Spotify Ltd)
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-07] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe -update activex
AppInit_DLLs: acaptuser64.dll => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2011-05-08]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Hothen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2011-07-29]
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.69.40.3 208.69.40.4
Tcpip\..\Interfaces\{5C681BB8-5A21-4A0B-8CF5-18C6FCD9C643}: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{F005019A-5A09-465D-84F7-CB500BF40B5B}: [DhcpNameServer] 208.69.40.3 208.69.40.4
 
Internet Explorer:
==================
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {463C9611-AA50-407B-A5DD-0FAED000F72A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {66A0ADF1-9100-4301-B2E5-C6D2191B69D4} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ED0B2250-CB5A-413D-89B8-9DCC0F70D5AA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-03-16] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-03-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Hothen\AppData\Roaming\Mozilla\Firefox\Profiles\fgg8hzmb.default-1486540893196 [2017-02-08]
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-03-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-03-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-05-08] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-07-17] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-05-08] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @talk.google.com/O1DPlugin -> C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 6
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Default [2017-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-11]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-02-07]
CHR Extension: (Google Docs) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-25]
CHR Extension: (Google Drive) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (YouTube) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25]
CHR Extension: (Google Search) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Gmail) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-25]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-02-07]
CHR Extension: (Postman) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-26]
CHR Extension: (OpenTok Screen Sharing for meet.tokbox.com) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gloebbmiakfjnkcohlmbciijakonfehm [2016-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR Extension: (Gmail) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-02-07]
CHR Extension: (Google Slides) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-26]
CHR Extension: (Google Docs) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-26]
CHR Extension: (Google Drive) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-26]
CHR Extension: (YouTube) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-26]
CHR Extension: (Google Search) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-26]
CHR Extension: (Google Sheets) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR Extension: (Gmail) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5 [2017-02-07]
CHR Extension: (Google Docs) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-28]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6 [2017-02-08]
CHR Extension: (Google Slides) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-05]
CHR Extension: (Google Docs) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-05]
CHR Extension: (Google Drive) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-05]
CHR Extension: (YouTube) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-05]
CHR Extension: (Google Sheets) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-05]
CHR Extension: (Chrome Media Router) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-07] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-05-21] (Adobe Systems Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2273424 2016-10-04] (Comodo)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-25] (COMODO)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-07-25] (Macrovision Europe Ltd.) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2017-02-07] (Bitdefender)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-03-07] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-15] () [File not signed]
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-03-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2016-03-16] (Oracle Corporation)
U3 amgcuzsb; C:\Windows\System32\Drivers\amgcuzsb.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-08 08:00 - 2017-02-08 08:01 - 00022854 _____ C:\Users\Hothen\Downloads\FRST.txt
2017-02-08 07:59 - 2017-02-08 08:00 - 00000000 ____D C:\FRST
2017-02-08 07:59 - 2017-02-08 07:59 - 02421248 _____ (Farbar) C:\Users\Hothen\Downloads\FRST64.exe
2017-02-08 00:01 - 2017-02-08 00:01 - 00000000 ____D C:\Users\Hothen\Desktop\Old Firefox Data
2017-02-08 00:00 - 2017-02-08 00:00 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-08 00:00 - 2017-02-08 00:00 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-08 00:00 - 2017-02-08 00:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-07 23:11 - 2017-02-07 23:11 - 01304400 _____ C:\Users\Hothen\Downloads\Autoruns.zip
2017-02-07 23:11 - 2017-02-07 23:11 - 00037821 _____ C:\Users\Hothen\Desktop\MTB.txt
2017-02-07 23:10 - 2017-02-07 23:18 - 00000000 ____D C:\AdwCleaner
2017-02-07 23:09 - 2017-02-07 23:10 - 04015056 _____ C:\Users\Hothen\Downloads\AdwCleaner.exe
2017-02-07 22:56 - 2017-02-07 22:57 - 00037821 _____ C:\Users\Hothen\Downloads\MTB.txt
2017-02-07 22:55 - 2017-02-07 22:55 - 00892416 _____ (Farbar) C:\Users\Hothen\Downloads\MiniToolBox.exe
2017-02-07 22:54 - 2017-02-07 22:54 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-02-07 22:44 - 2017-02-07 22:54 - 00659902 _____ C:\TDSSKiller.3.1.0.12_07.02.2017_22.44.45_log.txt
2017-02-07 22:39 - 2017-02-07 22:40 - 00209280 _____ C:\TDSSKiller.3.1.0.12_07.02.2017_22.39.12_log.txt
2017-02-07 22:38 - 2017-02-07 22:38 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Hothen\Downloads\tdsskiller.exe
2017-02-07 19:42 - 2017-02-07 22:42 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8a4d964c-25e3-4d9e-bb82-dcc9170ce293.job
2017-02-07 19:42 - 2017-02-07 22:42 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 22fcc24d-c265-4010-aa1d-d7289d8ffcfa.job
2017-02-07 19:42 - 2017-02-07 19:42 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 22fcc24d-c265-4010-aa1d-d7289d8ffcfa
2017-02-07 19:42 - 2017-02-07 19:42 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 8a4d964c-25e3-4d9e-bb82-dcc9170ce293
2017-02-07 19:42 - 2017-02-07 19:42 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\SUPERAntiSpyware.com
2017-02-07 19:41 - 2017-02-07 19:41 - 00001768 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-02-07 19:41 - 2017-02-07 19:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-02-07 19:41 - 2017-02-07 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-07 19:41 - 2017-02-07 19:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-07 19:40 - 2017-02-07 19:40 - 29170976 _____ (SUPERAntiSpyware) C:\Users\Hothen\Downloads\SAS_4848.EXE
2017-02-07 19:16 - 2017-02-07 19:16 - 00245424 _____ C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1 (1).exe
2017-02-05 12:19 - 2017-02-05 12:19 - 00473182 _____ C:\Users\Hothen\Desktop\bookmarks.html
2017-02-05 10:24 - 2017-02-05 10:24 - 00037787 _____ C:\Users\Hothen\Downloads\40000000187.pdf
2017-01-29 12:56 - 2017-01-29 12:56 - 00245424 _____ C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1.exe
2017-01-29 09:20 - 2017-01-29 09:20 - 00000037 _____ C:\Users\Hothen\Desktop\book-list.txt
2017-01-18 15:21 - 2017-01-18 15:21 - 00224218 _____ C:\Users\Hothen\Desktop\TechSmith - Order Confirmation (Order #10193909305).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-08 07:50 - 2011-07-29 07:25 - 00000000 ____D C:\Users\Hothen\Documents\My Safes
2017-02-08 07:50 - 2011-07-29 07:25 - 00000000 ____D C:\Users\Hothen\AppData\Local\PasswordSafe
2017-02-08 07:49 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-08 07:49 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-08 07:45 - 2016-11-16 07:57 - 00000000 ____D C:\Users\Hothen\AppData\LocalLow\Mozilla
2017-02-08 07:38 - 2012-05-02 13:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-08 07:38 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-07 19:18 - 2010-12-29 10:35 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\Mozilla
2017-02-07 19:05 - 2014-08-29 09:01 - 00000000 ____D C:\Users\Hothen\AppData\Local\Adobe
2017-02-06 20:21 - 2015-09-11 06:51 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:21 - 2015-09-11 06:51 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 19:37 - 2009-07-13 21:13 - 00896830 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-06 19:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-05 12:16 - 2015-01-28 20:33 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\Spotify
2017-02-05 09:54 - 2015-01-28 20:38 - 00000000 ____D C:\Users\Hothen\AppData\Local\Spotify
2017-02-04 09:58 - 2014-07-17 08:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-30 20:49 - 2013-02-16 07:32 - 00000000 ____D C:\Users\Hothen\Desktop\jobs
2017-01-29 10:42 - 2011-01-23 09:24 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\BitTorrent
2017-01-29 09:56 - 2015-01-26 19:07 - 00000000 ____D C:\Program Files\COMODO
2017-01-29 09:56 - 2013-01-18 09:20 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-01-20 16:51 - 2014-08-02 13:03 - 00000000 ____D C:\Program Files\CCleaner
2017-01-18 15:21 - 2011-03-30 17:43 - 00000000 ____D C:\Users\Hothen\AppData\Local\CutePDF Writer
2017-01-18 13:10 - 2012-11-22 19:25 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHothen
2017-01-18 13:10 - 2012-11-22 19:25 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForHothen.job
2017-01-16 08:25 - 2010-12-29 11:16 - 00000000 ____D C:\Users\Hothen\Documents\Technology
 
==================== Files in the root of some directories =======
 
2011-05-12 17:14 - 2011-10-13 14:16 - 0001854 _____ () C:\Users\Hothen\AppData\Roaming\GhostObjGAFix.xml
2011-09-25 06:29 - 2011-09-25 06:29 - 0126632 _____ () C:\Users\Hothen\AppData\Local\ars.cache
2011-09-25 06:30 - 2011-09-25 06:30 - 0831072 _____ () C:\Users\Hothen\AppData\Local\census.cache
2011-07-11 05:07 - 2011-07-11 05:07 - 0000036 _____ () C:\Users\Hothen\AppData\Local\housecall.guid.cache
2012-09-19 19:38 - 2015-12-24 22:29 - 0007611 _____ () C:\Users\Hothen\AppData\Local\resmon.resmoncfg
2012-12-15 17:27 - 2012-12-15 17:27 - 1963321 _____ () C:\ProgramData\1355618656.bdinstall.bin
2013-01-18 09:14 - 2013-01-18 09:14 - 0222160 _____ () C:\ProgramData\1358527767.bdinstall.bin
2015-01-14 07:22 - 2015-01-14 07:22 - 0044168 _____ () C:\ProgramData\1421248900.bdinstall.bin
2015-01-14 07:53 - 2015-01-14 07:53 - 0367868 _____ () C:\ProgramData\1421249915.bdinstall.bin
2015-01-14 07:39 - 2015-01-14 07:39 - 0034635 _____ () C:\ProgramData\1421249935.bdinstall.bin
2012-04-09 14:41 - 2016-03-06 10:16 - 0001545 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-11-20 00:55 - 2010-11-20 00:55 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-10 20:02 - 2010-07-10 20:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-11-20 00:54 - 2010-11-20 00:54 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-10 19:55 - 2010-07-10 19:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-20 00:53 - 2010-11-20 00:53 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-11-20 00:54 - 2010-11-20 00:54 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-10 19:54 - 2010-07-10 19:55 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-10 19:56 - 2010-07-10 20:02 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-11-20 00:55 - 2010-11-20 00:55 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
ZeroAccess:
C:\Windows\Installer\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}
 
ZeroAccess:
C:\Users\Hothen\AppData\Local\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}
C:\Users\Hothen\AppData\Local\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}\@
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-10-05 08:11
 
==================== End of FRST.txt ============================
 
 



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:03 AM

Posted 08 February 2017 - 11:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [Google Update] => C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
AppInit_DLLs: acaptuser64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @talk.google.com/O1DPlugin -> C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
U3 amgcuzsb; C:\Windows\System32\Drivers\amgcuzsb.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
C:\Windows\System32\Drivers\amgcuzsb.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Please post the logs and let me know what problem persists.

P.S.
Post also the Addition.txt file that was created by the Farbar tool.
I need to analyze it.
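
Added example (not part of nasdaq's post and not FRST's own code): a Python sketch that sorts the lines of a fixlist like the one above into directives, entries that carry one of the markers visible in the log (`No File`, `[X]`, `ATTENTION`, `<no Path/update_url>`), and entries listed on the helper's judgment alone. The sample is a constructed subset of the fixlist lines above; reading `[X]` as "file not found" is an assumption.

```python
import re

# Constructed sample: a subset of the fixlist lines quoted in the post above.
SAMPLE_FIXLIST = r"""
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [Google Update] => C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
AppInit_DLLs: acaptuser64.dll => No File
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
U3 amgcuzsb; C:\Windows\System32\Drivers\amgcuzsb.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\System32\Drivers\amgcuzsb.sys
End
"""

# Markers written exactly as they appear in the log lines on this page.
MARKERS = [
    ("zero-byte file", re.compile(r"ATTENTION \(zero byte File/Folder\)")),
    ("ATTENTION flag", re.compile(r"<=+ ATTENTION")),
    ("no file", re.compile(r"No File\]?\s*$")),
    ("no path/update_url", re.compile(r"<no Path/update_url>")),
    # Assumption: a trailing "[X]" on a service/driver line means the file was not found.
    ("[X] marker", re.compile(r"\[X\]\s*$")),
]

# Directives are single words followed by a colon, e.g. "EmptyTemp:".
DIRECTIVE = re.compile(r"^\w+:$")


def reasons(line):
    """Return the names of every marker found on one log line."""
    return [name for name, rx in MARKERS if rx.search(line)]


def parse_fixlist(text):
    """Split a fixlist into directives, marker-backed entries and unmarked entries."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Drop the start/End wrapper if present.
    if lines and lines[0].lower() == "start":
        lines = lines[1:]
    if lines and lines[-1].lower() == "end":
        lines = lines[:-1]

    result = {"directives": [], "marked": [], "unmarked": []}
    for line in lines:
        if DIRECTIVE.match(line):
            result["directives"].append(line)
            continue
        found = reasons(line)
        if found:
            result["marked"].append((line, found))
        else:
            # No marker on the line: it is in the fixlist on the helper's judgment.
            result["unmarked"].append(line)
    return result


def report(text):
    """Build a short review report as a list of printable lines."""
    parsed = parse_fixlist(text)
    out = ["Directives: " + ", ".join(parsed["directives"])]
    out.append("Entries backed by a log marker:")
    for line, found in parsed["marked"]:
        out.append("  [" + "; ".join(found) + "] " + line[:70])
    out.append("Entries with no marker (review by hand):")
    for line in parsed["unmarked"]:
        out.append("  " + line[:70])
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_FIXLIST)))
```

The unmarked group is the part worth a second look before running a fix: nothing in the log line itself says why the entry is being removed.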

#3 Bulova

Bulova
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 08 February 2017 - 12:16 PM

OK thanks nasdaq!!! I will do this tonight. In the meantime, here is Addition.txt. Should have been attached.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Hothen (08-02-2017 08:02:24)
Running from C:\Users\Hothen\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-29 17:50:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-654563078-3100643807-1293613149-500 - Administrator - Disabled)
Guest (S-1-5-21-654563078-3100643807-1293613149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-654563078-3100643807-1293613149-1004 - Limited - Enabled)
Hothen (S-1-5-21-654563078-3100643807-1293613149-1000 - Administrator - Enabled) => C:\Users\Hothen
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.1.88 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM-x32\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.6.1.0168 - DT Soft Ltd)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{097E183F-FE88-41B8-ABE0-C730DD4AE48F}) (Version: 2.22.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 52.15.25.665 - Comodo)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{AE4025FC-99DA-42AB-84CF-AD246C13FD1A}) (Version: 28.12.1.16851 - Cisco WebEx LLC)
COMODO Firewall (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)
CopyTrans Suite Remove Only (HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\CopyTrans Suite) (Version: 2.15 - WindSolutions)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Dropbox (HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
GedScape version 2.5.01 (HKLM-x32\...\GedScape_is1) (Version:  - Tenset Technologies Ltd)
Genymotion version 2.6.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.6.0 - Genymobile)
Git version 1.9.5-preview20141217 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Heroku Toolbelt 3.37.7 (HKLM-x32\...\Heroku Toolbelt_is1) (Version: 3.37.7 - Heroku, Inc.)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Standard 2003 (HKLM-x32\...\{91530409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.315.0 - Tracker Software Products (Canada) Ltd.)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Ruby 1.9.3-p448 (HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p448 - RubyInstaller Team)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden
Sony Sound Forge Audio Studio 9.0 (HKLM-x32\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WinHTTrack Website Copier 3.48-19 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)
Word Menus (HKLM-x32\...\Wright_Works_WordMenus) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-654563078-3100643807-1293613149-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hothen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04DC3A79-6FAF-47C3-8251-D052B16F42B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-01-20] (Piriform Ltd)
Task: {127562E0-FACA-43ED-8B99-63F4F8C03251} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-654563078-3100643807-1293613149-1000Core => C:\Users\Hothen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {16EB9C1B-1FDF-4389-A300-DE52926A34CA} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {1E5FEFB0-C921-48A0-9CFF-4F4331E7EB75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1FB86D26-714D-4BE3-AC57-87A061661156} - System32\Tasks\HPCeeScheduleForHothen => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {2A935CC7-13B9-4A78-B406-11A0071A2DA3} - System32\Tasks\{D3182CF2-4ABA-4D4B-94D3-859AFC705215} => pcalua.exe -a "C:\Users\Hothen\Downloads\Lightroom_5_LS11 (1).exe" -d C:\Users\Hothen\Downloads
Task: {2E6C78F6-D8A3-4EC4-B0FF-E8274D877D91} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {46D3D9B8-2B6C-4885-8B4E-8B98AB3C7B91} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-25] (COMODO)
Task: {4AB138E1-388D-4D7F-BF7C-306480247418} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5E127DD9-8C14-4DF1-8FBC-3A9AA6971A95} - System32\Tasks\{C04B7B5D-191D-4EC8-A6DF-DBADEB35784E} => pcalua.exe -a C:\Users\Hothen\Desktop\oxy-gen_full_map.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {727D8F16-8FD0-4B13-801D-FDD27319E345} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO)
Task: {8A6E2FCA-FAA5-4668-A4EA-1E77B70DAF8E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 22fcc24d-c265-4010-aa1d-d7289d8ffcfa => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2017-02-07] (SUPERAdBlocker.com)
Task: {D7B3F3EB-25FE-451C-8D19-EF66B34B34DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D805624F-52EA-4470-8763-974997808E84} - System32\Tasks\SUPERAntiSpyware Scheduled Task 8a4d964c-25e3-4d9e-bb82-dcc9170ce293 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2017-02-07] (SUPERAdBlocker.com)
Task: {E8BCB0AC-F740-4591-959E-7FFFB4E932EE} - System32\Tasks\{E0AA3644-B593-4B93-B13B-CAEEDD26711B} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {EF4A3362-98EE-455C-8DCE-ED53DF646ABE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {F0278CF9-4B40-4DD1-A4D0-AD6B5BF1EF5A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-654563078-3100643807-1293613149-1000UA => C:\Users\Hothen\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F3BF85B3-CE51-48E8-A674-85FD65BAF4B6} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-25] (COMODO)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForHothen.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 22fcc24d-c265-4010-aa1d-d7289d8ffcfa.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8a4d964c-25e3-4d9e-bb82-dcc9170ce293.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Hothen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 1.9.3-p448\Interactive Ruby.lnk -> C:\Program Files (x86)\Heroku\ruby-1.9.3\bin\irb.bat ()
 
ShortcutWithArgument: C:\Users\Hothen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 1.9.3-p448\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Program Files (x86)\Heroku\ruby-1.9.3\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\Hothen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\Hothen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Hothen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-07 19:29 - 2017-02-07 19:29 - 00712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2017-02-07 19:29 - 2017-02-07 19:29 - 00111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2011-03-30 17:42 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2015-04-16 16:42 - 2015-04-16 16:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-16 12:03 - 2016-12-16 12:03 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-29 15:09 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-02-06 20:20 - 2017-02-01 01:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 20:20 - 2017-02-01 01:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-04-07 21:35 - 2016-04-07 21:36 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-04-07 21:35 - 2016-04-07 21:36 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\avchv.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Desktop\Aaron - Rental Resume.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\calibre-2.22.0.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Desktop\calibre-2.22.0.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\chart-explains-aperture-shutter-and-iso.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\httrack-3.48.19.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Desktop\KonstanciaResume.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\Link to Royalty.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\never10.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Desktop\never10.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\never10.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Desktop\punography.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\Tech Comm Talent-Tokbox Recruiting Agreement.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Hothen\Desktop\Tech Comm Talent-Tokbox Recruiting Agreement.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\tokbox-logo_horizontal.eps:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\tools_v6.2.1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Desktop\torbrowser-install-4.0.8_en-US.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Desktop\torbrowser-install-4.0.8_en-US.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\10.1.4_AdbeRdr1014_en_US.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\10.1.4_AdbeRdr1014_en_US.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\10.1.4_AdbeRdr1014_en_US.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\1440346351858:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\1440346645308:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\1441127541346:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\40000000187.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\440858 - Enrollment Documents.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\7.0_AdbeRdr70_enu.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\7.0_AdbeRdr70_enu.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\7.0_AdbeRdr70_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\8198-WebsiteSampleIncomeCalculations 090514.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\9.0_AdbeRdr90_en_US.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\9.0_AdbeRdr90_en_US.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\9.0_AdbeRdr90_en_US.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\acrobat-reader-11-0-01-AdbeRdr11001_en_US (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\acrobat-reader-11-0-01-AdbeRdr11001_en_US.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\AdobeDownloadAssistant (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\AdwCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\AdwCleaner.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\AlamoMobileTicket-0801-WKWFL86.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\android-studio-bundle-141.2456560-windows.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\android-studio-bundle-141.2456560-windows.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\android-studio-bundle-141.2456560-windows.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\Autoruns.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\BMR Ownership Application Form 061316.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\customer_type-profile-accelerator-02102016.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\Developers.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\EllisLast5Years.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\Emily - Sr Tech Writer.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\Emily+-+Doc+Mgr.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\Equifax_FACT_Rpt_04072016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\Firefox Setup Stub 36.0.4.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\Firefox Setup Stub 36.0.4.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\Firefox Setup Stub 36.0.4.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1 (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\genymotion-2.6.0-vbox.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\genymotion-2.6.0-vbox.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\genymotion-2.6.0-vbox.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\GraphML-6195.xml:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\heroku-toolbelt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\heroku-toolbelt.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\heroku-toolbelt.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\ITCAvantGarde.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\jdk-7u79-windows-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\jdk-7u79-windows-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\jdk-7u79-windows-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\KonstanciaResume (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\MiniToolBox.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\MiniToolBox.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\MiniToolBox.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\Moonjee (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\Moonjee.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\muli.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\opentok-android-sdk-2.7.0.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\org.sfsuperiorcourt.CGC08480001.204.0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\org.sfsuperiorcourt.CGC10504679.1.0.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\PXCViewer_x64.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\python-3.4.3.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\San Francisco Ellis Act Map (1).kml:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\San Francisco Ellis Act Map (2).kml:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\San Francisco Ellis Act Map (3).kml:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\San Francisco Ellis Act Map (4).kml:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\San Francisco Ellis Act Map.kml:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\SAS_4848.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\SAS_4848.EXE:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\SAS_4848.EXE:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\tdsskiller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\tdsskiller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\TSSWG_RESTful_API_Risks_and_Vulnerabilities_Final_2014-12-03 (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\TSSWG_RESTful_API_Risks_and_Vulnerabilities_Final_2014-12-03 (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\TSSWG_RESTful_API_Risks_and_Vulnerabilities_Final_2014-12-03.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\USMS_member_card_3865-03MHJ.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\W4 (2016).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\w_turbotax_1040_dlx_2014.180.0101.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\w_turbotax_1040_dlx_2015.190.0105.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\w_turbotax_1040_dlx_2015.190.0105.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\w_turbotax_1040_dlx_2015.190.0105.exe:BDU [0]
AlternateDataStreams: C:\Users\Hothen\Downloads\xampp-win32-5.6.19-0-VC11-installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Hothen\Downloads\xampp-win32-5.6.19-0-VC11-installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Hothen\Downloads\xampp-win32-5.6.19-0-VC11-installer.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47614543.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47614543.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4791 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2011-07-11 06:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 208.69.40.3 - 208.69.40.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 3
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Hothen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Hothen\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\Hothen\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Hothen\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1472561C-A7B9-412A-8335-513E4CEA34AD}] => C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{6FA08125-2B24-4A62-A034-95ACC94A643D}] => C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{A12D552F-1DE9-4FC9-B3EE-09BF2AAD9885}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8017E949-0C5F-47E6-8BC8-126002C94AAE}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4C8392E-6CBA-4ACB-8FD6-7DE62935EDAF}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{776B1D6F-61AF-40D8-A9F0-8122D2A93FC0}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6FCC4936-C845-46C8-B60B-70CC6A2BDA02}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E7626F06-C66E-4028-9E23-975E8B32D65B}] => C:\Program Files (x86)\Brother\Brmfl10d\BrStDvPt.exe
FirewallRules: [{6C2A8D5C-0835-4EC0-8EEB-D50F9740C715}] => C:\Program Files (x86)\Brother\Brmfl10d\BrStDvPt.exe
FirewallRules: [{8601926C-E923-426B-92FF-288C4AFA23C3}] => C:\Program Files (x86)\Brother\Brmfl10d\BrStDvPt.exe
FirewallRules: [{0ACC57A1-1E84-4646-8FC9-CB439F306E1E}] => C:\Program Files (x86)\Brother\Brmfl10d\BrStDvPt.exe
FirewallRules: [{8652A4AA-B888-4A2D-A244-92C9F287B394}] => C:\Program Files (x86)\Brother\Brmfl10d\BrRemPnP.exe
FirewallRules: [{657EF2F8-4A7B-409C-84C8-203462A9BB28}] => C:\Program Files (x86)\Brother\Brmfl10d\BrRemPnP.exe
FirewallRules: [{94E61D63-5C30-4CBD-A94A-BE6B620BA153}] => C:\Program Files (x86)\Brother\Brmfl10d\BrRemPnP.exe
FirewallRules: [{E54B1FB5-0649-4C34-80C8-508C0631A00F}] => C:\Program Files (x86)\Brother\Brmfl10d\BrRemPnP.exe
FirewallRules: [{1727F8DE-A619-4DBE-B628-C338D3FBC27A}] => C:\Program Files (x86)\Brother\Brolink\Brolink0.exe
FirewallRules: [{5FA1B9FA-61F6-48FB-B106-5495529713A1}] => C:\Program Files (x86)\Brother\Brolink\Brolink0.exe
FirewallRules: [{32FE4B78-DE50-4D13-B2FA-2850012EFB5C}] => C:\Program Files (x86)\Brother\Brolink\Brolink0.exe
FirewallRules: [{5F329567-7DBF-4321-8362-112B06DB69CB}] => C:\Program Files (x86)\Brother\Brolink\Brolink0.exe
FirewallRules: [{99A1E9AB-C79F-4D49-BEBC-B72107440DC8}] => C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
FirewallRules: [{1212E56B-9AF5-4735-9A1F-AA322A8EEDC0}] => C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
FirewallRules: [{FB26B762-0A2B-404E-97A6-3288EA108BBB}] => C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
FirewallRules: [{0A797190-5344-4750-92CB-C93A8EB58B4E}] => C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
FirewallRules: [{763DF508-4A62-4327-A27B-9D2C5F58C6E1}] => E:\start.exe
FirewallRules: [{AA06872D-678D-40B7-9980-64237DFF7906}] => E:\start.exe
FirewallRules: [{75960571-8A9E-43B8-BDFB-BE67A10FA4C1}] => E:\start.exe
FirewallRules: [{63AF9063-C199-40B7-8DAD-A39DE2E8E65A}] => E:\start.exe
FirewallRules: [{D4495FE6-CD3E-4095-BF9F-2FAE1838F733}] => C:\Users\Hothen\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FF242168-9F70-494A-89C3-5DC16035319F}] => C:\Users\Hothen\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1E9A284A-E13F-4E0F-AE5B-0855A0C8AA12}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A1395F99-6C40-4588-9C3A-514F40A0D3C1}] => C:\Users\Hothen\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{CA9BB12A-A916-4C9F-B116-EE5F02FD3BF2}] => C:\Users\Hothen\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{E420207A-F706-4E87-A126-504C566948CB}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{CC4AE03F-F1A3-4F36-A1B3-E88DC6B80B1B}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{07DF2299-49DA-4EC3-B7DF-FBD75D152485}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6BE0EE93-7B54-48EF-BE95-40B6EA3E19E5}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2B78F5ED-AE62-462C-97DE-2AE10EEDB2B7}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BE789B28-CA36-4F98-896B-8B12B7FABACD}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A179511D-870C-4BF2-A862-2C4DA455F80F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1055CCC1-B01E-4DD4-AD98-01D95A6C9FB4}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89CC1B7F-E452-4407-B518-E140EDAAD6E5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
25-09-2016 13:35:57 Windows Update
06-10-2016 16:52:42 Scheduled Checkpoint
08-10-2016 09:31:01 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2017 07:36:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (02/05/2017 12:27:43 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/05/2017 12:27:43 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/05/2017 12:27:43 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/05/2017 12:27:43 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (02/05/2017 12:27:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/05/2017 12:27:41 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (02/05/2017 12:27:41 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/05/2017 12:27:41 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (02/05/2017 12:27:41 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
System errors:
=============
Error: (02/08/2017 07:38:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
trufos
 
Error: (02/07/2017 11:21:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/07/2017 11:19:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
trufos
 
Error: (02/07/2017 11:18:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (02/07/2017 11:18:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (02/07/2017 11:17:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/07/2017 11:17:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/07/2017 11:17:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RtVOsdService Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/07/2017 11:17:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/07/2017 11:17:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-09-10 08:58:13.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 19:46:53.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 19:36:36.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 19:08:14.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 18:48:15.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 11:43:04.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 11:27:19.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 11:21:05.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 09:20:21.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-11 08:43:39.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00173_004\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 78%
Total physical RAM: 2933.86 MB
Available physical RAM: 630.71 MB
Total Virtual: 5865.9 MB
Available Virtual: 2873 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:280.56 GB) (Free:65.68 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.23 GB) (Free:2.46 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 880AFEC3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt ============================

Edited by nasdaq, 20 February 2017 - 07:27 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 February 2017 - 01:34 PM

You should not use two anti-virus programs in real time.
This will only slow down your computer.
I suggest you disable Bitdefender.

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}

AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
===

No malware was found on your log.
When all is well, you should update these programs.


For your added security I suggest that you update the following programs.

JAVA

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/

==============

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

Remove these old versions in bold via the Control Panel > Programs > Programs and Features if still present.

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)

#5 Bulova

Bulova
  • Topic Starter

  • Members
  • 20 posts

Posted 09 February 2017 - 01:26 AM

Hi nasdaq,

 

Thank you so much!!! I ran these programs that you recommended and they found some stuff. Really awesome! I don't know how this could have happened, I am pretty careful! Good to be rid of these terrible malware/viruses. Still having the same problems with my Firefox. I am not sure why I have two antiviruses, I will look into this. I had hoped for one firewall and one anti-virus, but they seem to combine these more and more these days, to the point they cannot be extricated, it seems. Really annoying. Let me look into this. Here are the logs as you had requested.

 

 

 

FIXLOG.TXT

=========

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Hothen (08-02-2017 20:21:37) Run:1
Running from C:\Users\Hothen\Downloads
Loaded Profiles: Hothen (Available Profiles: Hothen)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [Google Update] => C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
AppInit_DLLs: acaptuser64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @talk.google.com/O1DPlugin -> C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
U3 amgcuzsb; C:\Windows\System32\Drivers\amgcuzsb.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
C:\Windows\System32\Drivers\amgcuzsb.sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
"acaptuser64.dll" => Value data removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => value removed successfully
HKCR\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => value removed successfully
HKCR\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => key not found. 
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value removed successfully
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect => key removed successfully
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin => key removed successfully
C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll => not found.
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\MozillaPlugins\@talk.google.com/O1DPlugin => key removed successfully
C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npo1d.dll => not found.
C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk => key removed successfully
amgcuzsb => service not found.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\vmci => key removed successfully
vmci => service removed successfully
HKLM\System\CurrentControlSet\Services\VMnetAdapter => key removed successfully
VMnetAdapter => service removed successfully
"C:\Windows\System32\Drivers\amgcuzsb.sys" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7096963 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 11294250 B
Edge => 0 B
Chrome => 55882580 B
Firefox => 6439072 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 288100 B
systemprofile32 => 49700 B
LocalService => 33326 B
NetworkService => 0 B
Hothen => 11450485 B
 
RecycleBin => 0 B
EmptyTemp: => 96.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:24:20 ====

 

 

ROGUEKILLER

============

RogueKiller V12.9.7.0 (x64) [Feb  6 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hothen [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/08/2017 20:38:53 (Duration : 00:50:18)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 4 ¤¤¤
[Root.ZeroAccess][Folder] C:\Windows\Installer\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}\L -> Deleted
[Root.Wajam][File] C:\Users\Hothen\AppData\Local\Comodo\Chromodo\User Data\SwReporter\4.30.1\software_reporter_tool.exe -> Deleted
[Root.ZeroAccess][Folder] C:\Users\Hothen\AppData\Local\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}\L -> Deleted
[Root.ZeroAccess][Folder] C:\Users\Hothen\AppData\Local\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}\U -> Deleted
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] e3d93d7debd6ce4ff79f9edaa5ba5150
[BSP] 8d646a5a2b092bf0710e567cc6e1cd7c : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 287296 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 588791808 | Size: 17645 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
 

 

 

JRT LOG

=======

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Hothen (Administrator) on Wed 02/08/2017 at 21:44:24.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Successfully deleted: C:\ProgramData\1355618656.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1358527767.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1421248900.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1421249915.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1421249935.bdinstall.bin (File) 
Successfully deleted: C:\Users\Hothen\AppData\Local\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6} (Empty Folder)
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/08/2017 at 22:12:09.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 nasdaq


Posted 09 February 2017 - 08:49 AM

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Keep me posted.

#7 Bulova


Posted 10 February 2017 - 01:59 AM

Wow, nasdaq, this is so great, I have my Firefox back again. It sucks I had so much spyware, malware, and even a rootkit but now at least it is cleaned up. What I ended up doing was to uninstall Firefox again and I ran the CCleaner and I deleted everything and it finally works again. Thanks!!!! Awesomeness.  :thumbsup:  :love4u:



#8 nasdaq


Posted 10 February 2017 - 09:46 AM

Good work.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 Bulova


Posted 11 February 2017 - 03:55 PM

Hi nasdaq, Thanks again for all of your help. I think I was hacked, someone was also making charges on my credit card. :( I am trying to update my Windows and unfortunately, I can't seem to manage to get the Windows updates working. The last time that my Windows was updated was Oct of last year. It seems that my Windows Updates were frozen at that point in time and no matter what I do I cannot get them to move beyond this date. When I click Check for Updates, it just shows a progress bar like it is doing something but it is not. It just hangs there indefinitely. I also tried to use the Windows standalone updater http://superuser.com/questions/951960/windows-7-sp1-windows-update-stuck-checking-for-updates and this one is the same: it hangs on scanning your system for updates. In addition, I followed the instructions from Microsoft here https://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-update-hangs-on-checking-for-updates/b762abf5-655c-4a60-aabc-9f59785bd8d9 and it still does not work. Actually, I get an access denied on this command: ren %systemroot%\SoftwareDistribution SoftwareDistribution.old. Not sure what to do, do you think I might still have a virus or something? Thanks again for all your help!!



#10 nasdaq


Posted 12 February 2017 - 09:49 AM

Microsoft launched a Windows error code troubleshooting site.
Now you can finally get an answer on those strange error codes

https://support.microsoft.com/en-gb/help/10164/fix-windows-update-errors


It supports Windows 7, Windows 8.1 and Windows 10. The site offers different options based on the operating system you select.

If you select Windows 10, you will be asked to download the Windows Update Troubleshooter and run it. For Windows 8.1 and Windows 7 users, you get different troubleshooters for their respective operating systems.

Some of the repair options provided by the tool:

Repair Windows Update Database corruption.
Repair Windows update components.
Fix Windows Firefox blocking connections to Windows Update on the PC.
Contact a network or system administrator, or ISP, to fix internet connectivity issues.
Check whether default Windows Update data locations have changed.
Fix improperly configured security settings, or missing settings.
Check for missing or corrupt files.
Fix service registration is missing or corrupt.
Fix system date and time aren’t correct.

It doesn't look like they spent a lot of time on this tool, but it should do its job and help get answers to error codes and fix the basic Windows problems users encounter.

Source:
http://www.networkworld.com/article/3152602/windows/microsoft-launches-a-windows-error-code-troubleshooting-site.html

p.s.
Execute these fixes one by one.
Reboot after each fix and test if the problem persists.

If you get any error messages, please note them and post them for my review.

#11 Bulova


Posted 12 February 2017 - 01:44 PM

OK great, thanks so much nasdaq. I ran this wizard and it did find something that it fixed. Here are the results of the wizard. It reported that "Service registration is missing or corrupt" and claims that it has fixed this issue. However, it also reports that "Problems installing recent updates" was not fixed. I rebooted and everything but even after it has fixed this issue, my Windows update hangs on "Checking for updates" as before. Also, when I try to apply a 12 MB update from my queue, it also hangs, claiming that it is downloading this update... but still at 0%... for hours.

If I am still having problems, the wizard advises me to return to a recent Windows restore point. However, I am concerned that if I do that, I will go back to that time when I had all of those terrible viruses. Time for a new laptop?  :unsure: Thanks nasdaq!



#12 nasdaq


Posted 12 February 2017 - 02:04 PM


Before doing any update, Microsoft will create a restore point.

I suggest you restore this one, prior to Oct. last year:
25-09-2016 13:35:57 Windows Update

Let it finish.

Restart the computer normally when done.
===

Execute the Windows Updates.

Select only the important updates that are available.

Click the Install Updates button.

Let it finish.

It's important that you let it finish. The computer will probably restart a few times.
You should wait until you get the Control Panel back before using the computer.

p.s.
Since the restore is Sept 2016, no malware that was installed after that date will be restored.

To make sure your computer is clean I suggest you run the Farbar tool again and post fresh FRST and Addition.txt logs.


You may have to reinstall the Farbar program.
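
Added example, not part of nasdaq's post or of the Farbar tool: a small Python triage pass over an FRST.txt log that pulls out the entries FRST itself marks (`ATTENTION`, `No File`, `[X]`, `[File not signed]`, zero-byte files), grouped by log section, so a fresh log can be compared against an earlier one. The sample log is constructed with placeholder names, and treating `[X]` as a missing-file marker is an assumption.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section tags line")

# Markers that FRST prints next to entries; the tag names are this example's own.
MARKERS = [
    ("attention", re.compile(r"<=+ ATTENTION")),
    ("zero_byte", re.compile(r"\(zero byte File/Folder\)")),
    # Assumption: a trailing [X] means the referenced file was not found.
    ("missing_file", re.compile(r"\bNo File\b|\[X\]\s*$")),
    ("unsigned", re.compile(r"\[File not signed\]")),
]

# Section banners look like "==================== Services (Whitelisted) ====".
SECTION = re.compile(r"^=+ (.+?) =+\s*$")

# Constructed sample in FRST's line format; every name below is a placeholder.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ====================

HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [1024 2016-01-01] (Example Corp)
AppInit_DLLs: example64.dll => No File
GroupPolicy: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

R2 ExampleSvc; C:\Program Files\Example\svc.exe [2048 2016-01-01] (Example Corp) [File not signed]
R2 OtherSvc; C:\Program Files\Other\svc.exe [4096 2016-01-01] (Other Corp)

===================== Drivers (Whitelisted) ======================

U3 exampledrv; C:\Windows\System32\Drivers\exampledrv.sys [0 ] (Example Corp) <==== ATTENTION (zero byte File/Folder)
S3 olddrv; system32\DRIVERS\olddrv.sys [X]
"""


def triage(log_text):
    """Return a Finding for every log line that carries at least one marker."""
    findings = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        tags = tuple(name for name, rx in MARKERS if rx.search(line))
        if tags:
            findings.append(Finding(section, tags, line))
    return findings


def summarize(findings):
    """Count how many flagged lines carry each tag."""
    counts = Counter()
    for finding in findings:
        counts.update(finding.tags)
    return dict(counts)


def by_section(findings):
    """Group flagged lines under the log section they appeared in."""
    grouped = {}
    for finding in findings:
        grouped.setdefault(finding.section, []).append(finding)
    return grouped


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, items in by_section(results).items():
        print(section)
        for item in items:
            print("  [%s] %s" % (", ".join(item.tags), item.line))
    print(summarize(results))
```

Unflagged entries are not thereby clean; the pass only surfaces what the scanner already marked, which is the shortlist a helper reads first.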

#13 Bulova


Posted 17 February 2017 - 12:14 PM

Good news nasdaq, after a week of trying everything under the sun, I finally managed to get my Windows Update unstuck. I am back in the green there at last. I reran FRST and it reports the following.

FRST.TXT
========
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Hothen (administrator) on HOTHEN-HP (17-02-2017 07:57:10)
Running from C:\Users\Hothen\Downloads
Loaded Profiles: Hothen (Available Profiles: Hothen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Hothen\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Hothen\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-02-10] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-27] (COMODO)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2017-01-20] (Piriform Ltd)
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [Google Update] => C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [Spotify Web Helper] => C:\Users\Hothen\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-11] (Spotify Ltd)
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-07] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe -update activex
AppInit_DLLs: acaptuser64.dll => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2011-05-08]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Hothen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2011-07-29]
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.69.40.3 208.69.40.4
Tcpip\..\Interfaces\{5C681BB8-5A21-4A0B-8CF5-18C6FCD9C643}: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{F005019A-5A09-465D-84F7-CB500BF40B5B}: [DhcpNameServer] 208.69.40.3 208.69.40.4
 
Internet Explorer:
==================
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-654563078-3100643807-1293613149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {463C9611-AA50-407B-A5DD-0FAED000F72A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {66A0ADF1-9100-4301-B2E5-C6D2191B69D4} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ED0B2250-CB5A-413D-89B8-9DCC0F70D5AA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-03-16] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-03-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} -  No File
Toolbar: HKU\S-1-5-21-654563078-3100643807-1293613149-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Hothen\AppData\Roaming\Mozilla\Firefox\Profiles\fgg8hzmb.default-1486540893196 [2017-02-17]
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-03-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-03-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-05-08] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2017-02-16] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-05-08] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @talk.google.com/O1DPlugin -> C:\Users\Hothen\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-654563078-3100643807-1293613149-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hothen\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 6
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Default [2017-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-02-12]
CHR Extension: (Google Docs) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-25]
CHR Extension: (Google Drive) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (YouTube) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25]
CHR Extension: (Google Search) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (Gmail) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-25]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-02-12]
CHR Extension: (Postman) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-26]
CHR Extension: (OpenTok Screen Sharing for meet.tokbox.com) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gloebbmiakfjnkcohlmbciijakonfehm [2016-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (Gmail) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-02-12]
CHR Extension: (Google Slides) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-26]
CHR Extension: (Google Docs) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-26]
CHR Extension: (Google Drive) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-26]
CHR Extension: (YouTube) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-26]
CHR Extension: (Google Search) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-26]
CHR Extension: (Google Sheets) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (Gmail) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5 [2017-02-12]
CHR Extension: (Google Docs) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Profile: C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6 [2017-02-17]
CHR Extension: (Google Slides) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-05]
CHR Extension: (Google Docs) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-05]
CHR Extension: (Google Drive) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-05]
CHR Extension: (YouTube) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-05]
CHR Extension: (Google Sheets) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-12]
CHR Extension: (Gmail) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-05]
CHR Extension: (Chrome Media Router) - C:\Users\Hothen\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-07] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-05-21] (Adobe Systems Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2273424 2016-10-04] (Comodo)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-25] (COMODO)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-07-25] (Macrovision Europe Ltd.) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2017-02-07] (Bitdefender)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-03-07] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-15] () [File not signed]
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-03-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2016-03-16] (Oracle Corporation)
U3 a4athin0; C:\Windows\System32\Drivers\a4athin0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-16 23:26 - 2016-11-12 10:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-16 23:26 - 2016-11-12 10:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-16 23:25 - 2017-02-16 23:25 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-02-16 23:25 - 2017-02-16 23:25 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-02-16 23:25 - 2017-02-16 23:25 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-16 23:25 - 2017-02-16 23:25 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-02-16 23:25 - 2017-02-16 23:25 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-16 23:25 - 2017-02-16 23:25 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-16 23:25 - 2017-02-16 23:25 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-02-16 23:25 - 2017-02-16 23:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-16 23:25 - 2017-02-16 23:25 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-02-16 23:25 - 2017-02-16 23:25 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-16 23:25 - 2017-02-16 23:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-02-16 23:25 - 2017-02-16 23:25 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-02-16 23:25 - 2017-02-16 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-02-16 23:25 - 2017-02-16 23:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-02-16 23:25 - 2017-02-16 23:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-02-16 23:25 - 2016-10-11 05:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-02-16 23:25 - 2016-10-11 05:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-16 23:24 - 2017-02-16 23:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-02-16 23:24 - 2017-02-16 23:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-16 21:02 - 2017-02-16 21:02 - 00000000 ____D C:\Users\Hothen\Downloads\win7
2017-02-16 21:00 - 2017-02-16 21:00 - 01381582 _____ (Igor Pavlov) C:\Users\Hothen\Downloads\7z1604-x64.exe
2017-02-16 21:00 - 2017-02-16 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-16 21:00 - 2017-02-16 21:00 - 00000000 ____D C:\Program Files\7-Zip
2017-02-16 20:49 - 2017-02-16 20:50 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Hothen\Downloads\rufus-2.12 (1).exe
2017-02-16 19:57 - 2017-02-16 20:02 - 00737280 _____ C:\Users\Hothen\Downloads\Unconfirmed 685450.crdownload
2017-02-15 21:19 - 2017-02-16 21:05 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-02-15 21:19 - 2017-02-15 21:19 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Hothen\Downloads\rufus-2.12.exe
2017-02-15 20:14 - 2017-02-15 20:54 - 2048196608 _____ C:\Users\Hothen\Downloads\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD (1).iso
2017-02-15 19:39 - 2006-08-25 17:54 - 125057534 _____ C:\Users\Hothen\Desktop\IconExperience 2.0 (2006) bundle.zip
2017-02-15 19:38 - 2014-06-05 18:59 - 05211878 _____ C:\Users\Hothen\Desktop\APIs_A_Strategy_Guide.zip
2017-02-15 19:03 - 2017-02-15 19:04 - 00000000 ____D C:\Users\Hothen\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-02-15 19:03 - 2017-02-15 19:03 - 00002524 _____ C:\Users\Hothen\Desktop\Windows 7 USB DVD Download Tool.lnk
2017-02-15 19:03 - 2017-02-15 19:03 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-02-15 19:02 - 2017-02-15 19:02 - 02721168 _____ (Microsoft Corporation) C:\Users\Hothen\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2017-02-13 08:14 - 2017-02-13 08:14 - 00023552 _____ () C:\Users\Hothen\Downloads\VCdControlTool.exe
2017-02-13 08:13 - 2017-02-13 08:13 - 00016400 _____ C:\Users\Hothen\Downloads\etilqs_IX5PKwDIHby8U5R
2017-02-13 08:13 - 2017-02-13 08:13 - 00004104 _____ C:\Users\Hothen\Downloads\etilqs_NsxcL7pO7KomH7l
2017-02-13 08:10 - 2017-02-13 08:10 - 00061064 _____ C:\Users\Hothen\Downloads\winxpvirtualcdcontrolpanel_21.exe
2017-02-13 07:37 - 2017-02-13 08:01 - 2048196608 _____ C:\Users\Hothen\Downloads\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
2017-02-13 07:07 - 2017-02-13 07:07 - 00313366 _____ C:\Users\Hothen\Downloads\WindowsUpdateDiagnostic (1).diagcab
2017-02-12 18:55 - 2017-02-12 20:40 - 00000000 ____D C:\Windows\CheckSur
2017-02-12 15:24 - 2017-02-12 15:34 - 564744309 _____ C:\Users\Hothen\Downloads\Windows6.1-KB947821-v34-x64.msu
2017-02-12 14:47 - 2017-02-12 14:47 - 00000267 _____ C:\Users\Hothen\Desktop\dllerrors.txt
2017-02-12 12:04 - 2017-02-12 12:05 - 00313366 _____ C:\Users\Hothen\Downloads\WindowsUpdateDiagnostic.diagcab
2017-02-12 09:20 - 2017-02-12 09:19 - 00063449 _____ C:\Users\Hothen\Desktop\_C__Users_Hothen_AppData_Local_ElevatedDiagnostics_25602.pdf
2017-02-12 09:13 - 2017-02-12 09:13 - 00313366 _____ C:\Users\Hothen\Downloads\WindowsUpdate (1).diagcab
2017-02-12 08:05 - 2017-02-12 08:05 - 00313366 _____ C:\Users\Hothen\Downloads\WindowsUpdate.diagcab
2017-02-11 11:54 - 2017-02-11 11:54 - 00000000 ____D C:\8f255e2721bbe4b732ac346ebefcfeca
2017-02-11 11:53 - 2017-02-11 11:54 - 30659457 _____ C:\Users\Hothen\Downloads\Windows6.1-KB3172605-x64.msu
2017-02-11 11:46 - 2017-02-12 20:40 - 00000000 ____D C:\Windows\system32\catroot2.bak
2017-02-09 18:57 - 2017-02-09 18:57 - 00100744 _____ C:\ProgramData\1486695345.bdinstall.bin
2017-02-09 18:55 - 2017-02-09 18:55 - 00037824 _____ C:\ProgramData\1486695334.bdinstall.bin
2017-02-08 22:12 - 2017-02-08 22:12 - 00001144 _____ C:\Users\Hothen\Desktop\JRT.txt
2017-02-08 20:37 - 2017-02-12 20:40 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-08 20:36 - 2017-02-12 18:23 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-08 20:21 - 2017-02-08 20:24 - 00008687 _____ C:\Users\Hothen\Downloads\Fixlog.txt
2017-02-08 08:29 - 2017-02-08 08:29 - 00033871 _____ C:\Users\Hothen\Desktop\bc-msg.txt
2017-02-08 08:11 - 2017-02-08 08:11 - 00103504 _____ C:\Users\Hothen\Desktop\Addition.txt
2017-02-08 08:02 - 2017-02-08 08:09 - 00103501 _____ C:\Users\Hothen\Downloads\Addition.txt
2017-02-08 08:00 - 2017-02-17 07:58 - 00022418 _____ C:\Users\Hothen\Downloads\FRST.txt
2017-02-08 07:59 - 2017-02-17 07:57 - 00000000 ____D C:\FRST
2017-02-08 07:59 - 2017-02-08 07:59 - 02421248 _____ (Farbar) C:\Users\Hothen\Downloads\FRST64.exe
2017-02-08 00:00 - 2017-02-12 20:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-08 00:00 - 2017-02-08 00:00 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-08 00:00 - 2017-02-08 00:00 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-07 23:11 - 2017-02-07 23:11 - 01304400 _____ C:\Users\Hothen\Downloads\Autoruns.zip
2017-02-07 23:11 - 2017-02-07 23:11 - 00037821 _____ C:\Users\Hothen\Desktop\MTB.txt
2017-02-07 23:10 - 2017-02-12 20:40 - 00000000 ____D C:\AdwCleaner
2017-02-07 23:09 - 2017-02-07 23:10 - 04015056 _____ C:\Users\Hothen\Downloads\AdwCleaner.exe
2017-02-07 22:56 - 2017-02-07 22:57 - 00037821 _____ C:\Users\Hothen\Downloads\MTB.txt
2017-02-07 22:55 - 2017-02-07 22:55 - 00892416 _____ (Farbar) C:\Users\Hothen\Downloads\MiniToolBox.exe
2017-02-07 22:54 - 2017-02-12 20:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-02-07 22:44 - 2017-02-07 22:54 - 00659902 _____ C:\TDSSKiller.3.1.0.12_07.02.2017_22.44.45_log.txt
2017-02-07 22:39 - 2017-02-07 22:40 - 00209280 _____ C:\TDSSKiller.3.1.0.12_07.02.2017_22.39.12_log.txt
2017-02-07 22:38 - 2017-02-07 22:38 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Hothen\Downloads\tdsskiller.exe
2017-02-07 19:42 - 2017-02-17 03:42 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8a4d964c-25e3-4d9e-bb82-dcc9170ce293.job
2017-02-07 19:42 - 2017-02-17 02:00 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 22fcc24d-c265-4010-aa1d-d7289d8ffcfa.job
2017-02-07 19:42 - 2017-02-07 19:42 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 22fcc24d-c265-4010-aa1d-d7289d8ffcfa
2017-02-07 19:42 - 2017-02-07 19:42 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 8a4d964c-25e3-4d9e-bb82-dcc9170ce293
2017-02-07 19:42 - 2017-02-07 19:42 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\SUPERAntiSpyware.com
2017-02-07 19:41 - 2017-02-12 20:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-07 19:41 - 2017-02-12 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-07 19:41 - 2017-02-12 20:36 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-02-07 19:41 - 2017-02-07 19:41 - 00001768 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-02-07 19:40 - 2017-02-07 19:40 - 29170976 _____ (SUPERAntiSpyware) C:\Users\Hothen\Downloads\SAS_4848.EXE
2017-02-07 19:16 - 2017-02-07 19:16 - 00245424 _____ C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1 (1).exe
2017-02-05 12:19 - 2017-02-05 12:19 - 00473182 _____ C:\Users\Hothen\Desktop\bookmarks.html
2017-02-05 10:24 - 2017-02-05 10:24 - 00037787 _____ C:\Users\Hothen\Downloads\40000000187.pdf
2017-01-29 12:56 - 2017-01-29 12:56 - 00245424 _____ C:\Users\Hothen\Downloads\Firefox Setup Stub 51.0.1.exe
2017-01-29 09:20 - 2017-01-29 09:20 - 00000037 _____ C:\Users\Hothen\Desktop\book-list.txt
2017-01-18 15:21 - 2017-01-18 15:21 - 00224218 _____ C:\Users\Hothen\Desktop\TechSmith - Order Confirmation (Order #10193909305).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 07:51 - 2011-07-29 07:25 - 00000000 ____D C:\Users\Hothen\AppData\Local\PasswordSafe
2017-02-17 07:34 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-17 07:34 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-17 07:30 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-17 07:25 - 2009-07-13 21:13 - 00914942 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-17 07:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-17 07:20 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 07:19 - 2013-07-11 05:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-02-17 07:19 - 2013-07-11 05:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-02-17 07:19 - 2009-07-13 20:45 - 05104704 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-17 07:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-17 07:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Dism
2017-02-16 23:51 - 2011-08-16 07:04 - 00907556 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-16 23:43 - 2013-07-11 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-16 23:40 - 2013-07-13 07:38 - 00000000 ____D C:\Windows\system32\MRT
2017-02-16 23:31 - 2010-12-29 10:18 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-16 21:58 - 2016-11-16 07:57 - 00000000 ____D C:\Users\Hothen\AppData\LocalLow\Mozilla
2017-02-16 19:12 - 2014-08-29 09:01 - 00000000 ____D C:\Users\Hothen\AppData\Local\Adobe
2017-02-15 22:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2017-02-15 21:19 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-15 21:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-02-15 19:48 - 2010-12-29 12:21 - 00000000 ____D C:\Users\Hothen\Documents\223 Missouri
2017-02-15 18:46 - 2010-12-29 13:18 - 00000000 ____D C:\Users\Public\CyberLink
2017-02-15 18:45 - 2010-12-29 13:18 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\CyberLink
2017-02-12 20:54 - 2010-12-29 09:50 - 00000000 ____D C:\Users\Hothen
2017-02-12 20:40 - 2016-03-16 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-02-12 20:40 - 2015-04-05 06:42 - 00000000 ___SD C:\Windows\system32\GWX
2017-02-12 20:40 - 2015-03-13 07:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-12 20:40 - 2015-01-28 20:33 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\Spotify
2017-02-12 20:40 - 2015-01-14 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2017-02-12 20:40 - 2014-08-02 13:03 - 00000000 ____D C:\Program Files\CCleaner
2017-02-12 20:40 - 2012-05-02 13:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-12 20:40 - 2011-07-25 17:51 - 00000000 ____D C:\ProgramData\FLEXnet
2017-02-12 20:40 - 2011-05-12 07:09 - 00000000 ____D C:\ProgramData\Real
2017-02-12 20:40 - 2010-07-10 20:35 - 00000000 ____D C:\Program Files\Java
2017-02-12 20:40 - 2010-07-10 20:34 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-12 20:40 - 2010-07-10 19:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-12 20:40 - 2010-07-10 18:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-12 20:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-12 20:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Catroot2.old
2017-02-12 20:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2017-02-12 20:38 - 2011-11-26 11:44 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-12 20:37 - 2015-01-28 20:38 - 00000000 ____D C:\Users\Hothen\AppData\Local\Spotify
2017-02-12 20:37 - 2010-12-29 11:16 - 00000000 ____D C:\Users\Hothen\Documents\Travel
2017-02-12 20:37 - 2010-12-29 10:35 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\Mozilla
2017-02-12 20:37 - 2010-12-29 09:55 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\Macromedia
2017-02-12 20:36 - 2015-03-13 07:01 - 00000000 ____D C:\ProgramData\Oracle
2017-02-12 20:36 - 2011-12-09 13:59 - 00000000 ____D C:\Users\Hothen\AppData\Local\Google
2017-02-12 20:35 - 2015-01-26 19:07 - 00000000 ____D C:\Program Files\COMODO
2017-02-12 20:35 - 2013-01-18 09:20 - 00000000 ____D C:\ProgramData\COMODO
2017-02-12 20:35 - 2012-12-15 16:46 - 00000000 ____D C:\Program Files\Bitdefender
2017-02-12 20:35 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-12 18:23 - 2011-01-23 09:24 - 00000000 ____D C:\Users\Hothen\AppData\Roaming\BitTorrent
2017-02-12 18:22 - 2010-11-20 00:47 - 00000000 ____D C:\Windows\SoftwareDistribution.bak
2017-02-12 16:56 - 2011-05-08 07:51 - 00000000 ____D C:\Users\Hothen\AppData\Local\ElevatedDiagnostics
2017-02-12 09:20 - 2011-03-30 17:43 - 00000000 ____D C:\Users\Hothen\AppData\Local\CutePDF Writer
2017-02-10 21:15 - 2011-07-29 07:25 - 00000000 ____D C:\Users\Hothen\Documents\My Safes
2017-02-08 21:40 - 2012-01-11 08:23 - 00000000 __SHD C:\Users\Hothen\AppData\Local\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}
2017-02-06 20:21 - 2015-09-11 06:51 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:21 - 2015-09-11 06:51 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-04 09:58 - 2014-07-17 08:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-30 20:49 - 2013-02-16 07:32 - 00000000 ____D C:\Users\Hothen\Desktop\jobs
2017-01-29 09:56 - 2013-01-18 09:20 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-01-18 13:10 - 2012-11-22 19:25 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHothen
2017-01-18 13:10 - 2012-11-22 19:25 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForHothen.job
 
==================== Files in the root of some directories =======
 
2011-05-12 17:14 - 2011-10-13 14:16 - 0001854 _____ () C:\Users\Hothen\AppData\Roaming\GhostObjGAFix.xml
2011-09-25 06:29 - 2011-09-25 06:29 - 0126632 _____ () C:\Users\Hothen\AppData\Local\ars.cache
2011-09-25 06:30 - 2011-09-25 06:30 - 0831072 _____ () C:\Users\Hothen\AppData\Local\census.cache
2011-07-11 05:07 - 2011-07-11 05:07 - 0000036 _____ () C:\Users\Hothen\AppData\Local\housecall.guid.cache
2012-09-19 19:38 - 2015-12-24 22:29 - 0007611 _____ () C:\Users\Hothen\AppData\Local\resmon.resmoncfg
2017-02-09 18:55 - 2017-02-09 18:55 - 0037824 _____ () C:\ProgramData\1486695334.bdinstall.bin
2017-02-09 18:57 - 2017-02-09 18:57 - 0100744 _____ () C:\ProgramData\1486695345.bdinstall.bin
2012-04-09 14:41 - 2016-03-06 10:16 - 0001545 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-11-20 00:55 - 2010-11-20 00:55 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-10 20:02 - 2010-07-10 20:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-11-20 00:54 - 2010-11-20 00:54 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-10 19:55 - 2010-07-10 19:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-20 00:53 - 2010-11-20 00:53 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-11-20 00:54 - 2010-11-20 00:54 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-10 19:54 - 2010-07-10 19:55 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-10 19:56 - 2010-07-10 20:02 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-11-20 00:55 - 2010-11-20 00:55 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
ZeroAccess:
C:\Users\Hothen\AppData\Local\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}
C:\Users\Hothen\AppData\Local\{6ce342f7-d5e6-1a14-25e4-4ec6855cb6a6}\@
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-12 16:49
 
==================== End of FRST.txt ============================


#14 Bulova


Posted 17 February 2017 - 12:20 PM

Here is the Addition.txt



#15 Bulova


Posted 17 February 2017 - 12:21 PM

OK, this time for reals.

Attached Files





