
PC randomly shutting off,sluggish,unable to update Avira..possible inf



#1
chrimajon

  • Member
  • 23 posts

Hi there,

Not sure if this IS a malware/virus infection, but I'd like to rule it out if possible..

About a week ago, my Win 7 PC suddenly began randomly shutting off, and wouldn't restart unless the power lead was unplugged for several seconds. Ever since then, the machine has seemed sluggish, with intermittent sound issues - I noticed 'audiodg' keeps appearing & disappearing from task manager - embedded YouTube videos on forums no longer show up (never had this issue previously), and I'm now unable to update Avira AV.

Not certain if these problems are malware-based, or even if they're related, so apologies if this is in the wrong area! Any help will be appreciated, thank you!



#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system, get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    chrimajon

    • Topic Starter
    • Member
    • 23 posts

    Hi, thanks for your assistance!

    Logs posted below as requested - one thing I should mention.. when I booted up my comp this morning, it couldn't load Windows as normal. I was presented with the BIOS screen and had to press F2 (default settings), in order for Windows to start.. I then noticed the time & date were about 24 hours behind, and had to alter them manually.

    # AdwCleaner v6.045 - Logfile created 20/04/2017 at 11:21:01
    # Updated on 28/03/2017 by Malwarebytes
    # Database : 2017-04-19.2 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : user - USER-PC
    # Running from : C:\Users\user\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1269 Bytes] - [20/04/2017 11:21:01]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1576 Bytes] - [20/04/2017 11:20:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1415 Bytes] ##########
     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 7 Home Premium x64
    Ran by user (Administrator) on 20/04/2017 at 11:27:36.46
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 10

    Successfully deleted: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\user.js (File)
    Successfully deleted: C:\Windows\system32\Tasks\RMSmartUpdate (Task)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDF6XYVC (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPO2T11F (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDO5QYTG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCN1JV7W (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDF6XYVC (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPO2T11F (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDO5QYTG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCN1JV7W (Temporary Internet Files Folder)



    Registry: 2

    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 20/04/2017 at 11:33:17.16
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
    Ran by user (administrator) on USER-PC (20-04-2017 11:40:01)
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1476288 2017-04-05] (COMODO)
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-17] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{D9EA0BF2-75DF-48E6-8E2F-9643EB0324DC}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://trle.net/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/stg_drm.ocx
    DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/armhelper.ocx

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default [2017-04-20]
    FF Homepage: Mozilla\Firefox\Profiles\fogqhnk3.default -> hxxp://www.trle.net/
    FF NetworkProxy: Mozilla\Firefox\Profiles\fogqhnk3.default -> type", 0
    FF Extension: (Rotor Throbber) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-04-28]
    FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-02-19]
    FF Extension: (RAMBack) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-12-23]
    FF Extension: (Status-4-Evar) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-01-14]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
    FF Extension: (Video DownloadHelper) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
    FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-23]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-22] ()
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-22] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-19] (SUPERAntiSpyware.com)
    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-02] (Adobe Systems) [File not signed]
    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
    S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-17] (Avira Operations GmbH & Co. KG)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10508904 2017-04-05] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-05] (COMODO)
    R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2430304 2009-10-23] (Diskeeper Corporation)
    S2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-30] (COMODO)
    S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2015-08-19] (Nalpeiron Ltd.) [File not signed]
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
    R2 PlugPlay; C:\Windows\SysWOW64\umpnpmgr.dll [404480 2015-04-04] (Microsoft Corporation)
    S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-12-28] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-12-26] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-03] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-03] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-03] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-03] (Avira Operations GmbH & Co. KG)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-03-28] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [848736 2017-03-28] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-03-28] (COMODO)
    S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
    R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [51120 2009-10-21] (Diskeeper Corporation)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [119392 2017-03-28] (COMODO)
    R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-03-30] (COMODO)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    U3 iswSvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-20 11:40 - 2017-04-20 11:40 - 00013780 _____ C:\Users\user\Desktop\FRST.txt
    2017-04-20 11:38 - 2017-04-20 11:40 - 00000000 ____D C:\FRST
    2017-04-20 11:37 - 2017-04-20 11:37 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2017-04-20 11:35 - 2017-04-20 11:35 - 00000000 ___SH C:\DkHyperbootSync
    2017-04-20 11:33 - 2017-04-20 11:33 - 00002319 _____ C:\Users\user\Desktop\JRT.txt
    2017-04-20 11:18 - 2017-04-20 11:21 - 00000000 ____D C:\AdwCleaner
    2017-04-19 22:35 - 2017-04-19 22:35 - 01663672 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
    2017-04-19 22:30 - 2017-04-19 22:30 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner.exe
    2017-04-19 15:49 - 2017-04-19 15:49 - 04922400 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
    2017-04-19 15:47 - 2017-04-19 15:47 - 05659609 _____ (Swearware) C:\Users\user\Desktop\ComboFix.exe
    2017-04-19 15:46 - 2017-04-19 15:46 - 09390672 _____ (Piriform Ltd) C:\Users\user\Desktop\ccsetup529.exe
    2017-04-18 19:21 - 2017-04-18 19:23 - 00000000 ____D C:\Users\user\Desktop\New folder
    2017-04-16 01:06 - 2017-04-19 16:29 - 00000819 _____ C:\Users\user\Desktop\stuff.txt
    2017-04-13 13:28 - 2011-08-07 11:57 - 00000258 _____ C:\Windows\Restart_Explorer.bat
    2017-04-13 13:25 - 2017-04-20 00:10 - 00000000 ____D C:\Users\user\Desktop\TO
    2017-04-13 11:56 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2017-04-13 11:56 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2017-04-13 11:52 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2017-04-12 15:40 - 2017-04-20 11:38 - 00001231 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
    2017-04-12 15:40 - 2017-04-20 11:38 - 00001231 _____ C:\ProgramData\Desktop\COMODO Firewall.lnk
    2017-04-12 15:40 - 2017-04-12 15:40 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
    2017-04-12 15:38 - 2017-04-12 15:38 - 00000000 ____D C:\Program Files\COMODO
    2017-04-12 15:37 - 2017-04-12 15:37 - 00000000 ____D C:\Program Files (x86)\COMODO
    2017-04-12 15:37 - 2017-03-30 04:10 - 00307960 _____ (COMODO) C:\Windows\system32\iseguard64.dll
    2017-04-12 15:37 - 2017-03-30 04:10 - 00236792 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
    2017-04-12 15:37 - 2017-03-30 04:10 - 00050856 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
    2017-04-12 15:34 - 2017-04-12 15:37 - 00000000 ____D C:\ProgramData\Comodo
    2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Shared Space
    2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Comodo Downloader
    2017-04-12 13:43 - 2017-03-27 19:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-04-12 13:43 - 2017-03-27 18:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-04-12 13:43 - 2017-03-25 20:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-04-12 13:43 - 2017-03-25 20:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-04-12 13:43 - 2017-03-25 20:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-04-12 13:43 - 2017-03-25 19:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-04-12 13:43 - 2017-03-25 19:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-04-12 13:43 - 2017-03-25 19:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-04-12 13:43 - 2017-03-25 19:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-04-12 13:43 - 2017-03-25 19:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-04-12 13:43 - 2017-03-25 19:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-04-12 13:43 - 2017-03-25 19:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-04-12 13:43 - 2017-03-25 19:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-04-12 13:43 - 2017-03-25 19:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-04-12 13:43 - 2017-03-25 19:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-04-12 13:43 - 2017-03-25 19:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-04-12 13:43 - 2017-03-25 19:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-04-12 13:43 - 2017-03-25 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-04-12 13:43 - 2017-03-25 19:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-04-12 13:43 - 2017-03-25 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-04-12 13:43 - 2017-03-25 19:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-04-12 13:43 - 2017-03-25 19:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-04-12 13:43 - 2017-03-25 19:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-04-12 13:43 - 2017-03-25 19:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-04-12 13:43 - 2017-03-25 19:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-04-12 13:43 - 2017-03-25 18:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-04-12 13:43 - 2017-03-25 18:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-04-12 13:43 - 2017-03-25 18:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-04-12 13:43 - 2017-03-25 18:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-04-12 13:43 - 2017-03-25 18:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-04-12 13:43 - 2017-03-25 18:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-04-12 13:43 - 2017-03-25 18:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-04-12 13:43 - 2017-03-25 18:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-04-12 13:43 - 2017-03-25 18:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-04-12 13:43 - 2017-03-25 18:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-04-12 13:43 - 2017-03-25 18:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-04-12 13:43 - 2017-03-25 18:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-04-12 13:43 - 2017-03-25 18:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-04-12 13:43 - 2017-03-25 18:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-04-12 13:43 - 2017-03-25 18:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-04-12 13:43 - 2017-03-25 18:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-04-12 13:43 - 2017-03-25 17:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-04-12 13:43 - 2017-03-25 17:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-04-12 13:43 - 2017-03-25 17:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-04-12 13:43 - 2017-03-25 17:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-04-12 13:43 - 2017-03-25 17:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-04-12 13:43 - 2017-03-25 17:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-04-12 13:43 - 2017-03-25 17:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-04-12 13:43 - 2017-03-25 17:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-04-12 13:43 - 2017-03-24 23:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-04-12 13:43 - 2017-03-24 23:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-04-12 13:43 - 2017-03-22 16:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-04-12 13:43 - 2017-03-22 16:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-04-12 13:43 - 2017-03-22 16:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-04-12 13:43 - 2017-03-22 16:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-04-12 13:43 - 2017-03-22 16:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-04-12 13:43 - 2017-03-14 16:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-04-12 13:43 - 2017-03-14 16:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-04-12 13:43 - 2017-03-14 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-04-12 13:43 - 2017-03-10 17:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-04-12 13:43 - 2017-03-10 17:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-04-12 13:43 - 2017-03-10 17:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-04-12 13:43 - 2017-03-10 17:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-04-12 13:43 - 2017-03-10 17:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-04-12 13:43 - 2017-03-10 17:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-04-12 13:43 - 2017-03-10 16:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-04-12 13:43 - 2017-03-08 21:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
    2017-04-12 13:43 - 2017-03-08 21:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2017-04-12 13:43 - 2017-03-08 05:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-04-12 13:43 - 2017-03-08 05:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-04-12 13:43 - 2017-03-08 05:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-04-12 13:43 - 2017-03-08 05:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-04-12 13:43 - 2017-03-08 05:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-04-12 13:43 - 2017-03-08 05:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-04-12 13:43 - 2017-03-08 05:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-04-12 13:43 - 2017-03-08 05:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-04-12 13:43 - 2017-03-08 05:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-04-12 13:43 - 2017-03-08 05:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-04-12 13:43 - 2017-03-08 05:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-04-12 13:43 - 2017-03-08 05:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-04-12 13:43 - 2017-03-08 04:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-04-12 13:43 - 2017-03-08 04:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-04-12 13:43 - 2017-03-08 04:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-04-12 13:43 - 2017-03-08 04:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-04-12 13:43 - 2017-03-08 04:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-04-12 13:43 - 2017-03-08 04:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-04-12 13:43 - 2017-03-08 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-04-12 13:43 - 2017-03-08 04:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-04-12 13:43 - 2017-03-08 04:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-07 17:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-04-12 13:43 - 2017-03-07 17:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-04-12 13:43 - 2017-03-07 15:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-04-12 13:43 - 2017-03-04 02:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-04-12 13:43 - 2017-03-04 02:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
    2017-04-12 13:43 - 2017-03-04 02:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-04-12 13:43 - 2017-03-04 02:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
    2017-04-12 13:43 - 2017-02-14 17:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-04-12 13:43 - 2017-02-14 17:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-04-12 13:43 - 2017-02-11 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-04-12 13:43 - 2017-02-11 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-04-12 13:43 - 2017-02-09 17:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2017-04-12 13:43 - 2017-02-09 17:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2017-04-12 13:43 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2017-04-12 13:43 - 2016-03-23 23:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-04-12 13:43 - 2016-03-23 23:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-04-12 13:24 - 2017-04-12 13:24 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
    2017-04-12 13:16 - 2017-04-12 13:16 - 00000000 ____D C:\ProgramData\CheckPoint
    2017-04-12 13:03 - 2017-04-05 06:58 - 00365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2017-04-12 12:58 - 2017-04-12 12:58 - 05363680 _____ (COMODO) C:\Users\user\Downloads\cmd_fw_installer_6113_c7.exe
    2017-04-11 16:54 - 2017-04-11 16:54 - 00000000 ____D C:\Program Files (x86)\Realtek
    2017-04-06 23:23 - 2017-04-05 06:58 - 00230592 _____ (COMODO) C:\Windows\system32\cmdshim64.dll
    2017-04-06 23:23 - 2017-04-05 06:56 - 00194752 _____ (COMODO) C:\Windows\SysWOW64\cmdshim32.dll
    2017-04-05 07:01 - 2017-04-05 07:01 - 00732368 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
    2017-04-05 07:01 - 2017-04-05 07:01 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2017-04-05 07:00 - 2017-04-05 07:00 - 00941768 _____ (COMODO) C:\Windows\system32\guard64.dll
    2017-04-05 06:58 - 2017-04-05 06:58 - 00457408 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
    2017-04-05 06:56 - 2017-04-05 06:56 - 00363200 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
    2017-03-28 21:33 - 2017-03-28 21:33 - 00848736 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00119392 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00057504 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00031664 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-20 11:32 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-04-20 11:32 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-04-20 11:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-04-19 21:27 - 2014-06-02 19:23 - 00000000 ____D C:\ProgramData\TEMP
    2017-04-19 20:32 - 2016-03-27 15:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-04-19 00:09 - 2009-07-14 06:13 - 00908594 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-04-19 00:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2017-04-19 00:02 - 2015-07-19 15:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-04-17 00:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2017-04-16 17:55 - 2014-07-06 15:32 - 00000000 ____D C:\Windows\ERDNT
    2017-04-16 15:15 - 2014-06-03 23:38 - 00000000 ____D C:\Users\user\Documents\Calibre Library
    2017-04-16 00:28 - 2015-02-01 20:16 - 00003209 _____ C:\Users\user\Desktop\owners club clickable links.txt
    2017-04-14 16:25 - 2016-06-01 20:13 - 00001084 _____ C:\Users\user\Desktop\coil harness connections.txt
    2017-04-14 11:39 - 2009-07-14 05:45 - 00321840 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-04-13 11:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Performance
    2017-04-12 19:32 - 2014-05-15 10:51 - 00892460 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-04-12 15:40 - 2014-06-02 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2017-04-12 15:31 - 2016-03-04 12:39 - 00000000 ____D C:\Users\user\Desktop\The Prisoner
    2017-04-12 15:31 - 2016-02-18 23:14 - 00000000 ____D C:\Users\user\Desktop\11-22-63
    2017-04-12 14:52 - 2014-05-13 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-04-12 14:48 - 2014-05-13 12:50 - 00000000 ____D C:\Windows\system32\MRT
    2017-04-12 14:40 - 2014-05-13 12:50 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-04-11 17:06 - 2014-06-02 16:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-04-11 17:06 - 2014-06-02 16:28 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-04-11 14:53 - 2015-07-25 16:54 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-04-11 14:52 - 2015-11-05 14:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-04 20:12 - 2014-07-19 12:33 - 00000000 ____D C:\Program Files\Recuva
    2017-03-26 15:46 - 2016-06-04 11:14 - 00000000 ____D C:\Users\user\Desktop\Movavi Video Converter
    2017-03-22 14:35 - 2014-06-03 10:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-03-22 14:35 - 2014-06-03 10:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-03-22 14:35 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-03-22 14:35 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\system32\Macromed
    2017-03-22 14:35 - 2014-05-13 12:03 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
    2017-03-21 18:16 - 2016-09-27 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

    ==================== Files in the root of some directories =======

    2014-06-03 13:30 - 2014-06-03 13:30 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
    2014-06-03 13:30 - 2014-06-03 13:30 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
    2014-06-03 13:31 - 2014-06-03 13:31 - 0000074 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
    2014-06-03 13:31 - 2014-06-03 13:32 - 0001041 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
    2014-06-03 14:26 - 2017-02-24 17:15 - 0060416 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-06-09 18:59 - 2017-01-06 04:20 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
    2017-04-12 13:03 - 2017-04-05 06:58 - 0365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2014-06-02 17:04 - 2014-06-02 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-06-02 19:19 - 2014-06-02 19:19 - 0004104 _____ () C:\ProgramData\ojobkspa.ako

    Files to move or delete:
    ====================
    C:\ProgramData\cmdres.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-17 00:20

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
    Ran by user (20-04-2017 11:41:11)
    Running from C:\Users\user\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-05-13 10:46:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3226483179-4034785836-799415362-500 - Administrator - Disabled)
    Guest (S-1-5-21-3226483179-4034785836-799415362-501 - Limited - Disabled)
    user (S-1-5-21-3226483179-4034785836-799415362-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Antivirus (Enabled - Out of date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
    AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
    AS: Avira Antivirus (Enabled - Out of date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
    ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}) (Version: 3.0.255.407 - ArcSoft)
    ArcSoft TotalMedia HDCam (HKLM-x32\...\{7A1DE746-F5D0-4A21-943B-39A3F243C32A}) (Version: 2.0.2.49 - ArcSoft)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009608308.48.56.44502250 - Audible, Inc.)
    Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
    Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
    Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
    Barrow Hill (HKLM-x32\...\Barrow Hill) (Version:  - )
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    BitTorrent (HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\BitTorrent) (Version: 7.9.9.42607 - BitTorrent Inc.)
    calibre (HKLM-x32\...\{9AB9E32A-236E-4A1E-AE76-367C8798A338}) (Version: 2.74.0 - Kovid Goyal)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
    Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MG4200 series User Registration (HKLM-x32\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
    COMODO Firewall (Version: 10.0.1.6209 - COMODO Security Solutions Inc.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    [bleep] NFO Viewer 2.10.0031 RC3 (HKLM-x32\...\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}) (Version: 2.10.0031 - [bleep])
    Diskeeper 2010 Pro Premier (HKLM\...\{858CCC22-7029-4426-B4D5-58C38742EBD3}) (Version: 14.0.896.64 - Diskeeper Corporation)
    Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
    Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
    ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
    Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
    Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
    MediaCoder x64 0.8.30.5620 (HKLM\...\MediaCoder x64) (Version: 0.8.30.5620 - Mediatronic)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0107.120 - Mio Technology)
    Movavi Video Converter 10 (HKLM-x32\...\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}) (Version: 10.02.002 - Movavi)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 46.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 46.0 (x64 en-GB)) (Version: 46.0 - Mozilla)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 9 Essentials (HKLM-x32\...\{378ce143-1a66-4483-8a2f-2e11d3efbfd7}) (Version:  - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
    PlayFLV (HKLM-x32\...\PlayFLV) (Version:  - )
    Private Proxy (HKLM-x32\...\{26E8F025-1C39-4394-8252-F62CDD14C7FB}) (Version: 3.01 - Privacy Partners)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.6.4 - Shark007)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Ulead GIF Animator 5 (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - Ulead System)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {044FF1CA-37E0-4B15-82B9-B2B1D9D20065} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {05F5439E-37A8-4F6D-AE29-C5D0D061ED5C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {11E698AC-DADF-4EEB-9C7F-1B8E94B8CFFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {4DAFED21-0D75-41AF-8FC0-BE8491D3D996} - System32\Tasks\{E2AEF9EF-D5B1-4B36-8AC8-9F9E65F06D17} => pcalua.exe -a C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10\InstallFilter.exe -d C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10
    Task: {AA14A9F3-2FD9-43F9-8B2A-57060CF88CD1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-05] (COMODO)
    Task: {ABC2B4A9-962D-41EB-996D-F19C1BA4E1F0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {B3A69E1D-9F53-4084-82DA-28230B656AFD} - System32\Tasks\Amazon Music Helper => C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\user\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-04-05 06:57 - 2017-04-05 06:57 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
    2017-04-05 06:57 - 2017-04-05 06:57 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
    2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [0]
    AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\unins000.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\CNC_B9C.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\CNC_B9I.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\CNC_B9L.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\CNMLMB9.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\HPZ3LLHN.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\TEMP:1A15E356 [364]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:7C9E34A2 [123]
    AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [192]
    AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 [406]
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [312]
    AlternateDataStreams: C:\ProgramData\TEMP:DB2748F7 [132]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\vizzed.com -> www.vizzed.com

    There are 7865 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2014-12-28 15:54 - 00450771 ____N C:\Windows\system32\Drivers\etc\hosts


    There are 15463 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Amazon Music => "C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: IseUI => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{AAC05A9B-0391-4F29-A756-1112A160C9A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{5908E71C-9DE9-4EA1-A1C9-EFE70FA14DC1}] => (Allow) LPort=2869
    FirewallRules: [{E7A42576-E152-4567-B56E-32B4A7FBF7F8}] => (Allow) LPort=1900
    FirewallRules: [{0AA000F8-2737-4AA8-8820-98F8F9A27203}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{208F3C06-2352-4241-BB7D-BA5C4B2BAC71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7DD8225E-325E-4E83-AFA0-EDAE2BF10B03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6196CCDF-1E05-4FFC-A7BC-94351A53A9EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{05A82E4D-5107-4507-9ECB-3E4E9C26B47F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{E74E063E-5349-4B2A-8DD1-3DBF11EF2C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{1934F01E-AB6A-4013-B6E9-1C7DBF552A7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7FBFEB9F-77D6-42E9-AB15-7ECC60BEA72B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{68E0D4DE-1D71-4310-800C-114BF3CB2DF4}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
    FirewallRules: [UDP Query User{8DFB8401-13ED-413A-9CCC-21FEE89522CE}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
    FirewallRules: [TCP Query User{EE746837-BFC8-4001-B5E0-3FB0AB8638BB}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
    FirewallRules: [UDP Query User{6DC74960-2CFA-4F1B-BA92-EDE77A830469}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
    FirewallRules: [TCP Query User{E3513280-A828-40D8-A1DC-6D845247140E}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{1995A1F4-CDD0-4FF5-AA26-46A4BA57E35F}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [TCP Query User{4575C643-5139-4198-B4A5-3793D5D5AC38}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [UDP Query User{92792CAC-D89D-4B61-B77D-543789E93FAD}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [{9891CE18-8161-4DCD-B513-63DFF86BFC4E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{E94F96F8-E2E6-458C-B249-2AFA15805432}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{7747B5E0-DC7A-4590-8029-BE73D4C89A18}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{8E18FF2D-E4EB-482D-95A2-FD3F65A93211}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{147AB450-66A7-46B4-8256-5360944F3066}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{FDF8781B-916B-43E5-9B95-19505063E69E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{ACFDBE38-D6CC-4B69-83E3-3772E923C867}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{47005BA6-1FED-4444-B6B9-BDD33340F299}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6329747A-09B6-405C-BABE-08748C24FABC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{F72C1F80-E318-4906-93D3-BCD0F0F98FD9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{7E93D640-6CF5-4945-A7FA-DBF5673387B0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{CA092A44-81AF-49AB-B46C-252C0E02AC3E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    20-04-2017 11:27:40 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: pcouffin device ...
    Description: pcouffin device ...
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisEvent" whose target class "CisEvent" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider  attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider  attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.


    System errors:
    =============
    Error: (04/20/2017 11:26:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 11:26:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The isesrv service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 11:26:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 11:23:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

    Error: (04/20/2017 11:20:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Diskeeper service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 11:20:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (04/20/2017 11:20:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Remote Procedure Call (RPC) Locator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (04/20/2017 11:20:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/20/2017 11:15:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 11:15:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The isesrv service terminated unexpectedly.  It has done this 1 time(s).


    CodeIntegrity:
    ===================================
      Date: 2017-04-20 11:38:20.568
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 11:38:20.350
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 11:23:15.452
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 11:23:15.296
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 11:20:52.580
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 11:20:52.393
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-19 00:03:12.593
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-19 00:03:12.452
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 00:28:17.883
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 00:28:17.540
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™2 CPU 6420 @ 2.13GHz
    Percentage of memory in use: 39%
    Total physical RAM: 3071.24 MB
    Available physical RAM: 1864.61 MB
    Total Virtual: 6140.67 MB
    Available Virtual: 4631.92 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:221.17 GB) (Free:138.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:64.67 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 612C6EEB)
    Partition 1: (Not Active) - (Size=11.7 GB) - (Type=17)
    Partition 2: (Active) - (Size=221.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
    Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    • 0

    #4
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    The CMOS battery on the motherboard may be dying if the clock is losing time and forgetting its BIOS settings.  What make and model are we talking?

     

    I don't see any malware but I do see 2 anti-viruses, Avira & Comodo.  Running two will slow things down as they fight each other.  Also both have alarms in the event logs so neither is working correctly.  Please uninstall one.  (Or both and install the free Avast in their place.  http://www.avast.com/index

    Click on Download then choose the free version.
    Download, Save, and right click and Run As Administrator.
    Uncheck any optional software and stay with the Basic/Free version.  It will need a reboot and will try to talk you into the Demo but stay with the Basic/Free version.)

     

    Also uninstall SuperAntiSpyware.  I don't see Spybot S&D in the uninstall list but there are signs of it all over your logs.  I don't recommend it for anything newer than Windows 2000 as it slows your system down and does strange things to your file and registry permissions.

     

    Diskeeper 2010 Pro Premier is not working correctly either so should be uninstalled.

     

    You have stuff unchecked in msconfig.  (I can't remove it if it's unchecked in msconfig)

     

    Search for

    msconfig

    hit Enter.

     

    Under the Startup tab, check everything, Apply

    Under the Services tab, check everything, OK

     

    Reboot and run a new FRST scan with Addition.txt checked and post both logs.

     

    Also:

     

     

     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
     
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or, if it is too big, just attach the file.
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     

     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     
     
    Copy the next 2 lines:
     
    TASKLIST /SVC  > \junk.txt
    notepad \junk.txt
     
    Open an Elevated Command Prompt:
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
     
     
    Right click and Paste (or Edit then Paste) and the copied lines should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
     
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
    Download, Save and Install it.  Tell it you do not need CCLEANER if it asks.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
    File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
    (It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
     
    First click on More Reply Options
    Then scroll down to where you see
    Choose File and click on it.  Point it at the file and hit Open.
    Now click on Attach this file.
     

     


    • 0

    #5
    chrimajon

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    The make/model is an ASUS P5L 1394

     

    Logs again as requested:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
    Ran by user (administrator) on USER-PC (20-04-2017 15:05:06)
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1476288 2017-04-05] (COMODO)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-20] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2015-02-07] (Oracle Corporation)
    HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
    HKLM-x32\...\Run: [SDTray] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-30] (COMODO)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2016-06-24] (CANON INC.)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-02-02] (Adobe Systems Incorporated)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-08-02] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [Amazon Music] => "C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-06-02]
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{D9EA0BF2-75DF-48E6-8E2F-9643EB0324DC}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://trle.net/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-20] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-20] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/stg_drm.ocx
    DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/armhelper.ocx

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default [2017-04-20]
    FF Homepage: Mozilla\Firefox\Profiles\fogqhnk3.default -> hxxp://www.trle.net/
    FF NetworkProxy: Mozilla\Firefox\Profiles\fogqhnk3.default -> type", 0
    FF Extension: (Rotor Throbber) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-04-28]
    FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-02-19]
    FF Extension: (RAMBack) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-12-23]
    FF Extension: (Status-4-Evar) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-01-14]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
    FF Extension: (Video DownloadHelper) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
    FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-23]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-22] ()
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-22] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-02] (Adobe Systems) [File not signed]
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-20] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-20] (AVAST Software)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10508904 2017-04-05] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-05] (COMODO)
    S2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-30] (COMODO)
    S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2015-08-19] (Nalpeiron Ltd.) [File not signed]
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
    R2 PlugPlay; C:\Windows\SysWOW64\umpnpmgr.dll [404480 2015-04-04] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    S3 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
    S4 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-20] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-20] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-20] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-20] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-20] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-20] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-20] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-20] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-20] (AVAST Software)
    R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-03-28] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [848736 2017-03-28] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-03-28] (COMODO)
    S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [119392 2017-03-28] (COMODO)
    R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-03-30] (COMODO)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    U3 iswSvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-20 15:05 - 2017-04-20 15:08 - 00016099 _____ C:\Users\user\Desktop\FRST.txt
    2017-04-20 15:04 - 2017-04-20 15:04 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-20 14:49 - 2017-04-20 14:49 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1492696168
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
    2017-04-20 14:48 - 2017-04-20 14:48 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-04-20 14:47 - 2017-04-20 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
    2017-04-20 14:46 - 2017-04-20 15:06 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2017-04-20 14:46 - 2017-04-20 14:46 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-04-20 14:46 - 2017-04-20 14:46 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2017-04-20 14:46 - 2017-04-20 14:46 - 00001929 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
    2017-04-20 14:46 - 2017-04-20 14:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2017-04-20 14:46 - 2017-04-20 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-04-20 14:46 - 2017-04-20 14:45 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-04-20 14:44 - 2017-04-20 14:48 - 00000000 ____D C:\Program Files\AVAST Software
    2017-04-20 14:19 - 2017-04-20 14:19 - 06293184 _____ (Piriform Ltd) C:\Users\user\Desktop\spsetup130.exe
    2017-04-20 14:18 - 2017-04-20 14:18 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\Desktop\procexp.exe
    2017-04-20 14:18 - 2017-04-20 14:18 - 00061440 _____ ( ) C:\Users\user\Desktop\VEW.exe
    2017-04-20 11:38 - 2017-04-20 15:05 - 00000000 ____D C:\FRST
    2017-04-20 11:37 - 2017-04-20 11:37 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2017-04-20 11:33 - 2017-04-20 11:33 - 00002319 _____ C:\Users\user\Desktop\JRT.txt
    2017-04-20 11:18 - 2017-04-20 11:21 - 00000000 ____D C:\AdwCleaner
    2017-04-19 22:35 - 2017-04-19 22:35 - 01663672 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
    2017-04-19 22:30 - 2017-04-19 22:30 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner.exe
    2017-04-19 15:49 - 2017-04-19 15:49 - 04922400 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
    2017-04-19 15:47 - 2017-04-19 15:47 - 05659609 _____ (Swearware) C:\Users\user\Desktop\ComboFix.exe
    2017-04-19 15:46 - 2017-04-19 15:46 - 09390672 _____ (Piriform Ltd) C:\Users\user\Desktop\ccsetup529.exe
    2017-04-18 19:21 - 2017-04-18 19:23 - 00000000 ____D C:\Users\user\Desktop\New folder
    2017-04-16 01:06 - 2017-04-19 16:29 - 00000819 _____ C:\Users\user\Desktop\stuff.txt
    2017-04-13 13:28 - 2011-08-07 11:57 - 00000258 _____ C:\Windows\Restart_Explorer.bat
    2017-04-13 13:25 - 2017-04-20 14:04 - 00000000 ____D C:\Users\user\Desktop\TO
    2017-04-13 11:56 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2017-04-13 11:56 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2017-04-13 11:52 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2017-04-12 15:40 - 2017-04-20 13:33 - 00001231 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
    2017-04-12 15:40 - 2017-04-20 13:33 - 00001231 _____ C:\ProgramData\Desktop\COMODO Firewall.lnk
    2017-04-12 15:40 - 2017-04-12 15:40 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
    2017-04-12 15:38 - 2017-04-12 15:38 - 00000000 ____D C:\Program Files\COMODO
    2017-04-12 15:37 - 2017-04-12 15:37 - 00000000 ____D C:\Program Files (x86)\COMODO
    2017-04-12 15:37 - 2017-03-30 04:10 - 00307960 _____ (COMODO) C:\Windows\system32\iseguard64.dll
    2017-04-12 15:37 - 2017-03-30 04:10 - 00236792 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
    2017-04-12 15:37 - 2017-03-30 04:10 - 00050856 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
    2017-04-12 15:34 - 2017-04-12 15:37 - 00000000 ____D C:\ProgramData\Comodo
    2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Shared Space
    2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Comodo Downloader
    2017-04-12 13:43 - 2017-03-27 19:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-04-12 13:43 - 2017-03-27 18:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-04-12 13:43 - 2017-03-25 20:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-04-12 13:43 - 2017-03-25 20:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-04-12 13:43 - 2017-03-25 20:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-04-12 13:43 - 2017-03-25 19:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-04-12 13:43 - 2017-03-25 19:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-04-12 13:43 - 2017-03-25 19:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-04-12 13:43 - 2017-03-25 19:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-04-12 13:43 - 2017-03-25 19:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-04-12 13:43 - 2017-03-25 19:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-04-12 13:43 - 2017-03-25 19:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-04-12 13:43 - 2017-03-25 19:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-04-12 13:43 - 2017-03-25 19:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-04-12 13:43 - 2017-03-25 19:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-04-12 13:43 - 2017-03-25 19:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-04-12 13:43 - 2017-03-25 19:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-04-12 13:43 - 2017-03-25 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-04-12 13:43 - 2017-03-25 19:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-04-12 13:43 - 2017-03-25 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-04-12 13:43 - 2017-03-25 19:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-04-12 13:43 - 2017-03-25 19:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-04-12 13:43 - 2017-03-25 19:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-04-12 13:43 - 2017-03-25 19:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-04-12 13:43 - 2017-03-25 19:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-04-12 13:43 - 2017-03-25 18:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-04-12 13:43 - 2017-03-25 18:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-04-12 13:43 - 2017-03-25 18:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-04-12 13:43 - 2017-03-25 18:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-04-12 13:43 - 2017-03-25 18:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-04-12 13:43 - 2017-03-25 18:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-04-12 13:43 - 2017-03-25 18:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-04-12 13:43 - 2017-03-25 18:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-04-12 13:43 - 2017-03-25 18:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-04-12 13:43 - 2017-03-25 18:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-04-12 13:43 - 2017-03-25 18:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-04-12 13:43 - 2017-03-25 18:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-04-12 13:43 - 2017-03-25 18:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-04-12 13:43 - 2017-03-25 18:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-04-12 13:43 - 2017-03-25 18:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-04-12 13:43 - 2017-03-25 18:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-04-12 13:43 - 2017-03-25 17:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-04-12 13:43 - 2017-03-25 17:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-04-12 13:43 - 2017-03-25 17:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-04-12 13:43 - 2017-03-25 17:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-04-12 13:43 - 2017-03-25 17:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-04-12 13:43 - 2017-03-25 17:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-04-12 13:43 - 2017-03-25 17:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-04-12 13:43 - 2017-03-25 17:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-04-12 13:43 - 2017-03-24 23:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-04-12 13:43 - 2017-03-24 23:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-04-12 13:43 - 2017-03-22 16:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-04-12 13:43 - 2017-03-22 16:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-04-12 13:43 - 2017-03-22 16:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-04-12 13:43 - 2017-03-22 16:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-04-12 13:43 - 2017-03-22 16:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-04-12 13:43 - 2017-03-14 16:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-04-12 13:43 - 2017-03-14 16:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-04-12 13:43 - 2017-03-14 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-04-12 13:43 - 2017-03-10 17:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-04-12 13:43 - 2017-03-10 17:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-04-12 13:43 - 2017-03-10 17:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-04-12 13:43 - 2017-03-10 17:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-04-12 13:43 - 2017-03-10 17:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-04-12 13:43 - 2017-03-10 17:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-04-12 13:43 - 2017-03-10 16:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-04-12 13:43 - 2017-03-08 21:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
    2017-04-12 13:43 - 2017-03-08 21:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2017-04-12 13:43 - 2017-03-08 05:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-04-12 13:43 - 2017-03-08 05:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-04-12 13:43 - 2017-03-08 05:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-04-12 13:43 - 2017-03-08 05:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-04-12 13:43 - 2017-03-08 05:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-04-12 13:43 - 2017-03-08 05:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-04-12 13:43 - 2017-03-08 05:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-04-12 13:43 - 2017-03-08 05:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-04-12 13:43 - 2017-03-08 05:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-04-12 13:43 - 2017-03-08 05:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-04-12 13:43 - 2017-03-08 05:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-04-12 13:43 - 2017-03-08 05:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-04-12 13:43 - 2017-03-08 04:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-04-12 13:43 - 2017-03-08 04:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-04-12 13:43 - 2017-03-08 04:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-04-12 13:43 - 2017-03-08 04:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-04-12 13:43 - 2017-03-08 04:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-04-12 13:43 - 2017-03-08 04:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-04-12 13:43 - 2017-03-08 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-04-12 13:43 - 2017-03-08 04:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-04-12 13:43 - 2017-03-08 04:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-07 17:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-04-12 13:43 - 2017-03-07 17:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-04-12 13:43 - 2017-03-07 15:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-04-12 13:43 - 2017-03-04 02:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-04-12 13:43 - 2017-03-04 02:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
    2017-04-12 13:43 - 2017-03-04 02:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-04-12 13:43 - 2017-03-04 02:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
    2017-04-12 13:43 - 2017-02-14 17:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-04-12 13:43 - 2017-02-14 17:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-04-12 13:43 - 2017-02-11 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-04-12 13:43 - 2017-02-11 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-04-12 13:43 - 2017-02-09 17:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2017-04-12 13:43 - 2017-02-09 17:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2017-04-12 13:43 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2017-04-12 13:43 - 2016-03-23 23:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-04-12 13:43 - 2016-03-23 23:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-04-12 13:24 - 2017-04-12 13:24 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
    2017-04-12 13:16 - 2017-04-12 13:16 - 00000000 ____D C:\ProgramData\CheckPoint
    2017-04-12 13:03 - 2017-04-05 06:58 - 00365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2017-04-12 12:58 - 2017-04-12 12:58 - 05363680 _____ (COMODO) C:\Users\user\Downloads\cmd_fw_installer_6113_c7.exe
    2017-04-11 16:54 - 2017-04-11 16:54 - 00000000 ____D C:\Program Files (x86)\Realtek
    2017-04-06 23:23 - 2017-04-05 06:58 - 00230592 _____ (COMODO) C:\Windows\system32\cmdshim64.dll
    2017-04-06 23:23 - 2017-04-05 06:56 - 00194752 _____ (COMODO) C:\Windows\SysWOW64\cmdshim32.dll
    2017-04-05 07:01 - 2017-04-05 07:01 - 00732368 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
    2017-04-05 07:01 - 2017-04-05 07:01 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2017-04-05 07:00 - 2017-04-05 07:00 - 00941768 _____ (COMODO) C:\Windows\system32\guard64.dll
    2017-04-05 06:58 - 2017-04-05 06:58 - 00457408 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
    2017-04-05 06:56 - 2017-04-05 06:56 - 00363200 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
    2017-03-28 21:33 - 2017-03-28 21:33 - 00848736 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00119392 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00057504 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00031664 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-20 15:05 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-04-20 15:05 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-04-20 14:59 - 2014-06-11 20:29 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
    2017-04-20 14:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-04-20 14:54 - 2014-06-02 19:40 - 00000000 ____D C:\Windows\pss
    2017-04-20 14:48 - 2014-05-13 12:10 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-04-20 14:46 - 2015-08-02 16:53 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-04-20 14:22 - 2016-09-27 15:15 - 00000000 ____D C:\Program Files (x86)\Avira
    2017-04-20 14:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2017-04-20 14:11 - 2015-04-06 14:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
    2017-04-20 14:11 - 2015-04-06 14:48 - 00000000 ____D C:\ProgramData\Package Cache
    2017-04-20 14:11 - 2015-04-06 14:48 - 00000000 ____D C:\ProgramData\Avira
    2017-04-20 14:06 - 2015-07-19 15:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-04-20 13:33 - 2016-06-04 11:14 - 00000000 ____D C:\Users\user\Desktop\Movavi Video Converter
    2017-04-19 21:27 - 2014-06-02 19:23 - 00000000 ____D C:\ProgramData\TEMP
    2017-04-19 20:32 - 2016-03-27 15:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-04-19 00:09 - 2009-07-14 06:13 - 00908594 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-04-17 00:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2017-04-16 17:55 - 2014-07-06 15:32 - 00000000 ____D C:\Windows\ERDNT
    2017-04-16 15:15 - 2014-06-03 23:38 - 00000000 ____D C:\Users\user\Documents\Calibre Library
    2017-04-16 00:28 - 2015-02-01 20:16 - 00003209 _____ C:\Users\user\Desktop\owners club clickable links.txt
    2017-04-14 16:25 - 2016-06-01 20:13 - 00001084 _____ C:\Users\user\Desktop\coil harness connections.txt
    2017-04-14 11:39 - 2009-07-14 05:45 - 00321840 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-04-13 11:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Performance
    2017-04-12 19:32 - 2014-05-15 10:51 - 00892460 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-04-12 15:40 - 2014-06-02 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2017-04-12 15:31 - 2016-03-04 12:39 - 00000000 ____D C:\Users\user\Desktop\The Prisoner
    2017-04-12 15:31 - 2016-02-18 23:14 - 00000000 ____D C:\Users\user\Desktop\11-22-63
    2017-04-12 14:52 - 2014-05-13 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-04-12 14:48 - 2014-05-13 12:50 - 00000000 ____D C:\Windows\system32\MRT
    2017-04-12 14:40 - 2014-05-13 12:50 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-04-11 17:06 - 2014-06-02 16:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-04-11 17:06 - 2014-06-02 16:28 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-04-11 14:53 - 2015-07-25 16:54 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-04-11 14:52 - 2015-11-05 14:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-04 20:12 - 2014-07-19 12:33 - 00000000 ____D C:\Program Files\Recuva
    2017-03-22 14:35 - 2014-06-03 10:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-03-22 14:35 - 2014-06-03 10:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-03-22 14:35 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-03-22 14:35 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\system32\Macromed
    2017-03-22 14:35 - 2014-05-13 12:03 - 00000000 ____D C:\Users\user\AppData\Local\Adobe

    ==================== Files in the root of some directories =======

    2014-06-03 13:30 - 2014-06-03 13:30 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
    2014-06-03 13:30 - 2014-06-03 13:30 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
    2014-06-03 13:31 - 2014-06-03 13:31 - 0000074 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
    2014-06-03 13:31 - 2014-06-03 13:32 - 0001041 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
    2014-06-03 14:26 - 2017-02-24 17:15 - 0060416 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-06-09 18:59 - 2017-01-06 04:20 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
    2017-04-12 13:03 - 2017-04-05 06:58 - 0365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2014-06-02 17:04 - 2014-06-02 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-06-02 19:19 - 2014-06-02 19:19 - 0004104 _____ () C:\ProgramData\ojobkspa.ako

    Files to move or delete:
    ====================
    C:\ProgramData\cmdres.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-17 00:20

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
    Ran by user (20-04-2017 15:09:17)
    Running from C:\Users\user\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-05-13 10:46:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3226483179-4034785836-799415362-500 - Administrator - Disabled)
    Guest (S-1-5-21-3226483179-4034785836-799415362-501 - Limited - Disabled)
    user (S-1-5-21-3226483179-4034785836-799415362-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
    ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}) (Version: 3.0.255.407 - ArcSoft)
    ArcSoft TotalMedia HDCam (HKLM-x32\...\{7A1DE746-F5D0-4A21-943B-39A3F243C32A}) (Version: 2.0.2.49 - ArcSoft)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009608308.48.56.44502250 - Audible, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
    Barrow Hill (HKLM-x32\...\Barrow Hill) (Version:  - )
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    BitTorrent (HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\BitTorrent) (Version: 7.9.9.42607 - BitTorrent Inc.)
    calibre (HKLM-x32\...\{9AB9E32A-236E-4A1E-AE76-367C8798A338}) (Version: 2.74.0 - Kovid Goyal)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
    Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MG4200 series User Registration (HKLM-x32\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
    COMODO Firewall (Version: 10.0.1.6209 - COMODO Security Solutions Inc.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    [bleep] NFO Viewer 2.10.0031 RC3 (HKLM-x32\...\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}) (Version: 2.10.0031 - [bleep])
    Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
    Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
    ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
    Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
    Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
    MediaCoder x64 0.8.30.5620 (HKLM\...\MediaCoder x64) (Version: 0.8.30.5620 - Mediatronic)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0107.120 - Mio Technology)
    Movavi Video Converter 10 (HKLM-x32\...\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}) (Version: 10.02.002 - Movavi)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 46.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 46.0 (x64 en-GB)) (Version: 46.0 - Mozilla)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 9 Essentials (HKLM-x32\...\{378ce143-1a66-4483-8a2f-2e11d3efbfd7}) (Version:  - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
    PlayFLV (HKLM-x32\...\PlayFLV) (Version:  - )
    Private Proxy (HKLM-x32\...\{26E8F025-1C39-4394-8252-F62CDD14C7FB}) (Version: 3.01 - Privacy Partners)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
    Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.6.4 - Shark007)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Ulead GIF Animator 5 (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - Ulead System)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {044FF1CA-37E0-4B15-82B9-B2B1D9D20065} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {05F5439E-37A8-4F6D-AE29-C5D0D061ED5C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {11E698AC-DADF-4EEB-9C7F-1B8E94B8CFFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {4DAFED21-0D75-41AF-8FC0-BE8491D3D996} - System32\Tasks\{E2AEF9EF-D5B1-4B36-8AC8-9F9E65F06D17} => pcalua.exe -a C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10\InstallFilter.exe -d C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10
    Task: {9E337AD6-7178-4A0E-95F4-874661D92D10} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-20] (AVAST Software)
    Task: {AA14A9F3-2FD9-43F9-8B2A-57060CF88CD1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-05] (COMODO)
    Task: {ABC2B4A9-962D-41EB-996D-F19C1BA4E1F0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {B3A02422-06B1-47F1-9D42-0223D38B69FB} - System32\Tasks\SafeZone scheduled Autoupdate 1492696168 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
    Task: {B3A69E1D-9F53-4084-82DA-28230B656AFD} - System32\Tasks\Amazon Music Helper => C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe
    Task: {E9E17218-1E38-49F0-9708-80C91EAEFAC5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\user\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-04-05 06:57 - 2017-04-05 06:57 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
    2017-04-05 06:57 - 2017-04-05 06:57 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-04-20 14:48 - 2017-04-20 14:48 - 06021752 _____ () C:\Program Files\AVAST Software\Avast\defs\17042000\algo.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2017-04-20 15:04 - 2017-04-20 15:04 - 05917184 _____ () C:\Program Files\AVAST Software\Avast\defs\17042006\algo.dll
    2017-04-20 14:46 - 2017-04-20 14:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CNC_B9L.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CNC_B9U.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CNHMCA.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlssrv32.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\umpnpmgr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\umpnpmgr.dll:$CmdZnID [26]
    AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\TEMP:1A15E356 [364]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:7C9E34A2 [123]
    AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [192]
    AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 [406]
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [312]
    AlternateDataStreams: C:\ProgramData\TEMP:DB2748F7 [132]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7867 more sites.

    IE trusted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\vizzed.com -> www.vizzed.com

    There are 7865 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2014-12-28 15:54 - 00450771 ____N C:\Windows\system32\Drivers\etc\hosts

    There are 15463 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{AAC05A9B-0391-4F29-A756-1112A160C9A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{5908E71C-9DE9-4EA1-A1C9-EFE70FA14DC1}] => (Allow) LPort=2869
    FirewallRules: [{E7A42576-E152-4567-B56E-32B4A7FBF7F8}] => (Allow) LPort=1900
    FirewallRules: [{0AA000F8-2737-4AA8-8820-98F8F9A27203}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{208F3C06-2352-4241-BB7D-BA5C4B2BAC71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7DD8225E-325E-4E83-AFA0-EDAE2BF10B03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6196CCDF-1E05-4FFC-A7BC-94351A53A9EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{05A82E4D-5107-4507-9ECB-3E4E9C26B47F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{E74E063E-5349-4B2A-8DD1-3DBF11EF2C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{1934F01E-AB6A-4013-B6E9-1C7DBF552A7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7FBFEB9F-77D6-42E9-AB15-7ECC60BEA72B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{68E0D4DE-1D71-4310-800C-114BF3CB2DF4}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
    FirewallRules: [UDP Query User{8DFB8401-13ED-413A-9CCC-21FEE89522CE}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
    FirewallRules: [TCP Query User{EE746837-BFC8-4001-B5E0-3FB0AB8638BB}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
    FirewallRules: [UDP Query User{6DC74960-2CFA-4F1B-BA92-EDE77A830469}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
    FirewallRules: [TCP Query User{E3513280-A828-40D8-A1DC-6D845247140E}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{1995A1F4-CDD0-4FF5-AA26-46A4BA57E35F}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [TCP Query User{4575C643-5139-4198-B4A5-3793D5D5AC38}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [UDP Query User{92792CAC-D89D-4B61-B77D-543789E93FAD}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [{9891CE18-8161-4DCD-B513-63DFF86BFC4E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{E94F96F8-E2E6-458C-B249-2AFA15805432}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{7747B5E0-DC7A-4590-8029-BE73D4C89A18}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{8E18FF2D-E4EB-482D-95A2-FD3F65A93211}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{147AB450-66A7-46B4-8256-5360944F3066}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{FDF8781B-916B-43E5-9B95-19505063E69E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{ACFDBE38-D6CC-4B69-83E3-3772E923C867}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{47005BA6-1FED-4444-B6B9-BDD33340F299}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6329747A-09B6-405C-BABE-08748C24FABC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{F72C1F80-E318-4906-93D3-BCD0F0F98FD9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{7E93D640-6CF5-4945-A7FA-DBF5673387B0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{CA092A44-81AF-49AB-B46C-252C0E02AC3E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{22BC4865-15EA-438D-AA21-52F9D8AD0521}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    20-04-2017 11:27:40 JRT Pre-Junkware Removal
    20-04-2017 14:13:18 Removed Diskeeper 2010 Pro Premier.

    ==================== Faulty Device Manager Devices =============

    Name: pcouffin device ...
    Description: pcouffin device ...
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/20/2017 02:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CNQMUPDT.EXE, version: 2.0.0.0, time stamp: 0x4f7a7000
    Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
    Exception code: 0xc0000005
    Fault offset: 0x000023c6
    Faulting process id: 0x9d8
    Faulting application start time: 0x01d2b9de39ea2825
    Faulting application path: C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
    Faulting module path: C:\Program Files (x86)\Canon\Quick Menu\CNMDWLD.DLL
    Report Id: 80ab26cc-25d1-11e7-bb7b-001bfc6fe062

    Error: (04/20/2017 02:13:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisEvent" whose target class "CisEvent" in //./root/cis namespace does not exist. The query will be ignored.


    System errors:
    =============
    Error: (04/20/2017 02:59:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 02:59:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The isesrv service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 02:59:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 02:50:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 02:50:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The isesrv service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 02:50:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/20/2017 01:32:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (04/20/2017 01:10:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (04/20/2017 01:10:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (04/20/2017 01:10:12 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server:
    {204810B9-73B2-11D4-BF42-00B0D0118B56}


    CodeIntegrity:
    ===================================
      Date: 2017-04-20 14:57:13.239
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:57:13.036
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:50:37.860
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:50:37.610
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:23:26.282
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:23:26.142
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:21:40.088
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:21:39.885
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:04:52.688
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-20 14:04:52.516
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™2 CPU 6420 @ 2.13GHz
    Percentage of memory in use: 61%
    Total physical RAM: 3071.24 MB
    Available physical RAM: 1177.65 MB
    Total Virtual: 6140.67 MB
    Available Virtual: 4141.82 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:221.17 GB) (Free:109.22 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:64.67 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 612C6EEB)
    Partition 1: (Not Active) - (Size=11.7 GB) - (Type=17)
    Partition 2: (Active) - (Size=221.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
    Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

     

     

    2017-04-20 15:30:45, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
    2017-04-20 15:31:32, Info                  CSI    0000017e [SR] Verify complete
    2017-04-20 15:31:34, Info                  CSI    0000017f [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:31:34, Info                  CSI    00000180 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:31:43, Info                  CSI    00000182 [SR] Verify complete
    2017-04-20 15:31:44, Info                  CSI    00000183 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:31:44, Info                  CSI    00000184 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:31:48, Info                  CSI    00000186 [SR] Verify complete
    2017-04-20 15:31:49, Info                  CSI    00000187 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:31:49, Info                  CSI    00000188 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:32:00, Info                  CSI    0000018a [SR] Verify complete
    2017-04-20 15:32:01, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:32:01, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
    2017-04-20 15:32:13, Info                  CSI    0000018e [SR] Verify complete
    2017-04-20 15:32:13, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:32:13, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:32:34, Info                  CSI    00000192 [SR] Verify complete
    2017-04-20 15:32:35, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:32:35, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:32:49, Info                  CSI    000001ac [SR] Verify complete
    2017-04-20 15:32:50, Info                  CSI    000001ad [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:32:50, Info                  CSI    000001ae [SR] Beginning Verify and Repair transaction
    2017-04-20 15:32:59, Info                  CSI    000001b0 [SR] Verify complete
    2017-04-20 15:32:59, Info                  CSI    000001b1 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:32:59, Info                  CSI    000001b2 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:33:24, Info                  CSI    000001b4 [SR] Verify complete
    2017-04-20 15:33:24, Info                  CSI    000001b5 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:33:24, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:33:40, Info                  CSI    000001b9 [SR] Verify complete
    2017-04-20 15:33:41, Info                  CSI    000001ba [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:33:41, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
    2017-04-20 15:33:52, Info                  CSI    000001bd [SR] Verify complete
    2017-04-20 15:33:53, Info                  CSI    000001be [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:33:53, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
    2017-04-20 15:34:00, Info                  CSI    000001c1 [SR] Verify complete
    2017-04-20 15:34:00, Info                  CSI    000001c2 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:34:00, Info                  CSI    000001c3 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:34:09, Info                  CSI    000001c5 [SR] Verify complete
    2017-04-20 15:34:10, Info                  CSI    000001c6 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:34:10, Info                  CSI    000001c7 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:34:16, Info                  CSI    000001cb [SR] Verify complete
    2017-04-20 15:34:17, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:34:17, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
    2017-04-20 15:34:24, Info                  CSI    000001cf [SR] Verify complete
    2017-04-20 15:34:24, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:34:24, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:34:45, Info                  CSI    000001d3 [SR] Verify complete
    2017-04-20 15:34:46, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:34:46, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:34:57, Info                  CSI    000001d8 [SR] Verify complete
    2017-04-20 15:34:58, Info                  CSI    000001d9 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:34:58, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
    2017-04-20 15:35:06, Info                  CSI    000001dd [SR] Verify complete
    2017-04-20 15:35:06, Info                  CSI    000001de [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:35:06, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
    2017-04-20 15:35:14, Info                  CSI    000001e1 [SR] Verify complete
    2017-04-20 15:35:15, Info                  CSI    000001e2 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:35:15, Info                  CSI    000001e3 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:35:28, Info                  CSI    000001e6 [SR] Verify complete
    2017-04-20 15:35:28, Info                  CSI    000001e7 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:35:28, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:35:35, Info                  CSI    000001ea [SR] Verify complete
    2017-04-20 15:35:36, Info                  CSI    000001eb [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:35:36, Info                  CSI    000001ec [SR] Beginning Verify and Repair transaction
    2017-04-20 15:35:44, Info                  CSI    000001ee [SR] Verify complete
    2017-04-20 15:35:44, Info                  CSI    000001ef [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:35:44, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:35:51, Info                  CSI    000001f2 [SR] Verify complete
    2017-04-20 15:35:52, Info                  CSI    000001f3 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:35:52, Info                  CSI    000001f4 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:36:00, Info                  CSI    000001f7 [SR] Verify complete
    2017-04-20 15:36:00, Info                  CSI    000001f8 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:36:00, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:36:06, Info                  CSI    000001fc [SR] Verify complete
    2017-04-20 15:36:07, Info                  CSI    000001fd [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:36:07, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
    2017-04-20 15:36:13, Info                  CSI    00000200 [SR] Verify complete
    2017-04-20 15:36:14, Info                  CSI    00000201 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:36:14, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:36:23, Info                  CSI    00000205 [SR] Verify complete
    2017-04-20 15:36:24, Info                  CSI    00000206 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:36:24, Info                  CSI    00000207 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:36:31, Info                  CSI    0000020b [SR] Verify complete
    2017-04-20 15:36:32, Info                  CSI    0000020c [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:36:32, Info                  CSI    0000020d [SR] Beginning Verify and Repair transaction
    2017-04-20 15:36:40, Info                  CSI    0000020f [SR] Verify complete
    2017-04-20 15:36:41, Info                  CSI    00000210 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:36:41, Info                  CSI    00000211 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:36:50, Info                  CSI    00000214 [SR] Verify complete
    2017-04-20 15:36:51, Info                  CSI    00000215 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:36:51, Info                  CSI    00000216 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:36:59, Info                  CSI    00000218 [SR] Verify complete
    2017-04-20 15:36:59, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:36:59, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
    2017-04-20 15:37:03, Info                  CSI    0000021c [SR] Verify complete
    2017-04-20 15:37:03, Info                  CSI    0000021d [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:37:03, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
    2017-04-20 15:37:09, Info                  CSI    00000220 [SR] Verify complete
    2017-04-20 15:37:10, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:37:10, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:37:17, Info                  CSI    00000224 [SR] Verify complete
    2017-04-20 15:37:18, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:37:18, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:37:25, Info                  CSI    00000228 [SR] Verify complete
    2017-04-20 15:37:26, Info                  CSI    00000229 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:37:26, Info                  CSI    0000022a [SR] Beginning Verify and Repair transaction
    2017-04-20 15:37:32, Info                  CSI    0000022c [SR] Verify complete
    2017-04-20 15:37:33, Info                  CSI    0000022d [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:37:33, Info                  CSI    0000022e [SR] Beginning Verify and Repair transaction
    2017-04-20 15:37:39, Info                  CSI    00000230 [SR] Verify complete
    2017-04-20 15:37:40, Info                  CSI    00000231 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:37:40, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:37:58, Info                  CSI    00000234 [SR] Verify complete
    2017-04-20 15:37:59, Info                  CSI    00000235 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:37:59, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:38:32, Info                  CSI    00000238 [SR] Verify complete
    2017-04-20 15:38:32, Info                  CSI    00000239 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:38:32, Info                  CSI    0000023a [SR] Beginning Verify and Repair transaction
    2017-04-20 15:38:42, Info                  CSI    0000023c [SR] Verify complete
    2017-04-20 15:38:42, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:38:42, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
    2017-04-20 15:38:51, Info                  CSI    00000240 [SR] Verify complete
    2017-04-20 15:38:52, Info                  CSI    00000241 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:38:52, Info                  CSI    00000242 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:38:54, Info                  CSI    00000244 [SR] Verify complete
    2017-04-20 15:38:55, Info                  CSI    00000245 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:38:55, Info                  CSI    00000246 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:00, Info                  CSI    00000248 [SR] Verify complete
    2017-04-20 15:39:01, Info                  CSI    00000249 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:01, Info                  CSI    0000024a [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:08, Info                  CSI    0000024c [SR] Verify complete
    2017-04-20 15:39:09, Info                  CSI    0000024d [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:09, Info                  CSI    0000024e [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:13, Info                  CSI    00000250 [SR] Verify complete
    2017-04-20 15:39:14, Info                  CSI    00000251 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:14, Info                  CSI    00000252 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:15, Info                  CSI    00000254 [SR] Verify complete
    2017-04-20 15:39:16, Info                  CSI    00000255 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:16, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:22, Info                  CSI    0000025e [SR] Verify complete
    2017-04-20 15:39:23, Info                  CSI    0000025f [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:23, Info                  CSI    00000260 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:34, Info                  CSI    00000262 [SR] Verify complete
    2017-04-20 15:39:34, Info                  CSI    00000263 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:34, Info                  CSI    00000264 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:39, Info                  CSI    00000266 [SR] Verify complete
    2017-04-20 15:39:40, Info                  CSI    00000267 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:40, Info                  CSI    00000268 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:45, Info                  CSI    0000026a [SR] Verify complete
    2017-04-20 15:39:46, Info                  CSI    0000026b [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:46, Info                  CSI    0000026c [SR] Beginning Verify and Repair transaction
    2017-04-20 15:39:52, Info                  CSI    0000026e [SR] Verify complete
    2017-04-20 15:39:53, Info                  CSI    0000026f [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:39:53, Info                  CSI    00000270 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:40:02, Info                  CSI    00000273 [SR] Verify complete
    2017-04-20 15:40:03, Info                  CSI    00000274 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:40:03, Info                  CSI    00000275 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:40:10, Info                  CSI    00000277 [SR] Verify complete
    2017-04-20 15:40:10, Info                  CSI    00000278 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:40:10, Info                  CSI    00000279 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:40:14, Info                  CSI    0000027b [SR] Verify complete
    2017-04-20 15:40:14, Info                  CSI    0000027c [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:40:14, Info                  CSI    0000027d [SR] Beginning Verify and Repair transaction
    2017-04-20 15:40:24, Info                  CSI    00000280 [SR] Verify complete
    2017-04-20 15:40:25, Info                  CSI    00000281 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:40:25, Info                  CSI    00000282 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:40:41, Info                  CSI    00000286 [SR] Verify complete
    2017-04-20 15:40:41, Info                  CSI    00000287 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:40:41, Info                  CSI    00000288 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:40:53, Info                  CSI    0000028d [SR] Verify complete
    2017-04-20 15:40:54, Info                  CSI    0000028e [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:40:54, Info                  CSI    0000028f [SR] Beginning Verify and Repair transaction
    2017-04-20 15:41:04, Info                  CSI    00000297 [SR] Verify complete
    2017-04-20 15:41:04, Info                  CSI    00000298 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:41:04, Info                  CSI    00000299 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:41:25, Info                  CSI    000002a2 [SR] Verify complete
    2017-04-20 15:41:27, Info                  CSI    000002a3 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:41:27, Info                  CSI    000002a4 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:41:41, Info                  CSI    000002a9 [SR] Verify complete
    2017-04-20 15:41:41, Info                  CSI    000002aa [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:41:41, Info                  CSI    000002ab [SR] Beginning Verify and Repair transaction
    2017-04-20 15:41:55, Info                  CSI    000002af [SR] Verify complete
    2017-04-20 15:41:57, Info                  CSI    000002b0 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:41:57, Info                  CSI    000002b1 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:42:03, Info                  CSI    000002b3 [SR] Verify complete
    2017-04-20 15:42:04, Info                  CSI    000002b4 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:42:04, Info                  CSI    000002b5 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:42:14, Info                  CSI    000002d8 [SR] Verify complete
    2017-04-20 15:42:17, Info                  CSI    000002d9 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:42:17, Info                  CSI    000002da [SR] Beginning Verify and Repair transaction
    2017-04-20 15:42:24, Info                  CSI    000002de [SR] Verify complete
    2017-04-20 15:42:25, Info                  CSI    000002df [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:42:25, Info                  CSI    000002e0 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:42:32, Info                  CSI    000002e2 [SR] Verify complete
    2017-04-20 15:42:33, Info                  CSI    000002e3 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:42:33, Info                  CSI    000002e4 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:42:40, Info                  CSI    000002e6 [SR] Verify complete
    2017-04-20 15:42:41, Info                  CSI    000002e7 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:42:41, Info                  CSI    000002e8 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:42:48, Info                  CSI    000002f5 [SR] Verify complete
    2017-04-20 15:42:48, Info                  CSI    000002f6 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:42:48, Info                  CSI    000002f7 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:42:49, Info                  CSI    000002f9 [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:42:49, Info                  CSI    000002fb [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:42:53, Info                  CSI    000002fd [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:42:54, Info                  CSI    000002ff [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:42:54, Info                  CSI    00000300 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2017-04-20 15:42:54, Info                  CSI    00000303 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:14{7}]"fde.dll"; source file in store is also corrupted
    2017-04-20 15:42:55, Info                  CSI    00000306 [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:42:55, Info                  CSI    00000307 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2017-04-20 15:42:55, Info                  CSI    0000030a [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"gpedit.dll"; source file in store is also corrupted
    2017-04-20 15:42:55, Info                  CSI    0000030c [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:42:55, Info                  CSI    0000030d [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2017-04-20 15:42:55, Info                  CSI    00000310 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"fdeploy.dll"; source file in store is also corrupted
    2017-04-20 15:42:55, Info                  CSI    00000312 [SR] Verify complete
    2017-04-20 15:42:57, Info                  CSI    00000313 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:42:57, Info                  CSI    00000314 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:43:01, Info                  CSI    00000316 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:43:08, Info                  CSI    00000318 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:43:08, Info                  CSI    00000319 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2017-04-20 15:43:08, Info                  CSI    0000031c [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"gptext.dll"; source file in store is also corrupted
    2017-04-20 15:43:10, Info                  CSI    00000324 [SR] Verify complete
    2017-04-20 15:46:13, Info                  CSI    0000039b [SR] Verify complete
    2017-04-20 15:46:14, Info                  CSI    0000039c [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:46:14, Info                  CSI    0000039d [SR] Beginning Verify and Repair transaction
    2017-04-20 15:46:20, Info                  CSI    0000039f [SR] Verify complete
    2017-04-20 15:46:21, Info                  CSI    000003a0 [SR] Verifying 100 (0x0000000000000064) components
    2017-04-20 15:46:21, Info                  CSI    000003a1 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:46:27, Info                  CSI    000003a3 [SR] Verify complete
    2017-04-20 15:46:28, Info                  CSI    000003a4 [SR] Verifying 89 (0x0000000000000059) components
    2017-04-20 15:46:28, Info                  CSI    000003a5 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:46:33, Info                  CSI    000003a7 [SR] Verify complete
    2017-04-20 15:46:33, Info                  CSI    000003a8 [SR] Repairing 4 components
    2017-04-20 15:46:33, Info                  CSI    000003a9 [SR] Beginning Verify and Repair transaction
    2017-04-20 15:46:33, Info                  CSI    000003ab [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:46:33, Info                  CSI    000003ad [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:46:33, Info                  CSI    000003af [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:46:33, Info                  CSI    000003b1 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:46:33, Info                  CSI    000003b3 [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:46:33, Info                  CSI    000003b4 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2017-04-20 15:46:33, Info                  CSI    000003b7 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"fdeploy.dll"; source file in store is also corrupted
    2017-04-20 15:46:33, Info                  CSI    000003b9 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:46:33, Info                  CSI    000003ba [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2017-04-20 15:46:33, Info                  CSI    000003bd [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:14{7}]"fde.dll"; source file in store is also corrupted
    2017-04-20 15:46:33, Info                  CSI    000003bf [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:46:33, Info                  CSI    000003c0 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2017-04-20 15:46:33, Info                  CSI    000003c3 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"gptext.dll"; source file in store is also corrupted
    2017-04-20 15:46:33, Info                  CSI    000003c5 [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2017-04-20 15:46:33, Info                  CSI    000003c6 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2017-04-20 15:46:33, Info                  CSI    000003c9 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"gpedit.dll"; source file in store is also corrupted
    2017-04-20 15:46:33, Info                  CSI    000003cb [SR] Repair complete
    2017-04-20 15:46:33, Info                  CSI    000003cc [SR] Committing transaction
    2017-04-20 15:46:33, Info                  CSI    000003d0 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
     

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 20/04/2017 15:50:28

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 20/04/2017 14:29:29
    Type: Error Category: 0
    Event: 36887 Source: Schannel
    The following fatal alert was received: 20.

    Log: 'System' Date/Time: 20/04/2017 14:20:39
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 20/04/2017 15:52:03

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 20/04/2017 14:15:28
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3226483179-4034785836-799415362-1000:
    Process 1304 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3226483179-4034785836-799415362-1000

     

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    cavwp.exe        16,488 K    4,828 K    4092    COMODO Internet Security    COMODO    (Verified) Comodo Security Solutions
    cis.exe        6,868 K    6,880 K    916    COMODO Internet Security    COMODO    (Verified) Comodo Security Solutions
    jusched.exe        2,036 K    6,436 K    2784    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
    Locator.exe        1,548 K    3,592 K    2028    Rpc Locator    Microsoft Corporation    (Verified) Microsoft Windows
    lsass.exe        5,340 K    11,164 K    628    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
    notepad.exe        2,120 K    12,332 K    1972    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
    procexp.exe        2,952 K    8,528 K    3372    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    services.exe        6,188 K    8,876 K    612    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
    smss.exe        440 K    1,008 K    384    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
    spoolsv.exe        7,720 K    10,900 K    1412    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
    SSDMonitor.exe        1,848 K    5,840 K    3576    SSDMonit Application    PC Tools    (Verified) PC Tools
    svchost.exe        5,520 K    10,052 K    1592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,560 K    6,912 K    1088    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,540 K    6,652 K    1624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,888 K    5,884 K    1140    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        1,732 K    4,140 K    1912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,748 K    5,704 K    2960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,464 K    8,088 K    904    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,776 K    9,388 K    816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        12,392 K    10,516 K    1444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        15,256 K    15,788 K    252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        126,496 K    132,092 K    416    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    TrustedInstaller.exe        11,520 K    17,212 K    4408    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
    wininit.exe        1,512 K    3,980 K    552    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
    winlogon.exe        2,748 K    5,548 K    700    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
    WmiPrvSE.exe        3,308 K    8,016 K    4124    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    WmiPrvSE.exe        5,828 K    11,392 K    1584    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    StartManSvc.exe    < 0.01    3,480 K    9,072 K    1816    StartMan Application    PC Tools    (Verified) PC Tools
    svchost.exe    < 0.01    22,916 K    17,380 K    1252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    < 0.01    21,476 K    31,204 K    1036    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    csrss.exe    < 0.01    2,356 K    4,332 K    480    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    taskhost.exe    < 0.01    12,836 K    12,908 K    2232    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
    aswidsagenta.exe    < 0.01    16,212 K    23,880 K    2972    Avast Behavior Shield    AVAST Software s.r.o.    (Verified) AVAST Software s.r.o.
    vkise.exe    < 0.01    11,160 K    19,588 K    2788    Internet Security Essentials    COMODO    (Verified) Comodo Security Solutions
    isesrv.exe    < 0.01    2,448 K    4,516 K    1656    Internet Security Essentials    COMODO    (Verified) Comodo Security Solutions
    csrss.exe    < 0.01    11,012 K    14,612 K    576    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    AvastUI.exe    0.01    20,188 K    31,824 K    3560    Avast Antivirus    AVAST Software    (Verified) AVAST Software s.r.o.
    svchost.exe    0.01    8,112 K    11,112 K    732    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    CisTray.exe    0.01    3,904 K    2,880 K    3184    COMODO Internet Security    COMODO    (Verified) Comodo Security Solutions
    AvastSvc.exe    0.03    99,612 K    40,972 K    1316    Avast Service    AVAST Software    (Verified) AVAST Software s.r.o.
    lsm.exe    0.03    3,176 K    5,084 K    636    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
    explorer.exe    0.08    36,480 K    70,020 K    2328    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
    Interrupts    0.16    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    cmdagent.exe    0.28    31,360 K    40,076 K    952    COMODO Internet Security    COMODO    (Verified) Comodo Security Solutions
    dwm.exe    0.52    48,800 K    79,956 K    2392    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
    System    0.77    160 K    1,752 K    4            
    firefox.exe    1.90    743,676 K    789,444 K    4348    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    procexp64.exe    2.86    25,252 K    49,868 K    4188    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    System Idle Process    93.32    0 K    24 K    0            
     

    Image Name                     PID Services                                    
    ========================= ======== ============================================
    System Idle Process              0 N/A                                         
    System                           4 N/A                                         
    smss.exe                       384 N/A                                         
    csrss.exe                      480 N/A                                         
    wininit.exe                    552 N/A                                         
    csrss.exe                      576 N/A                                         
    services.exe                   612 N/A                                         
    lsass.exe                      628 SamSs                                       
    lsm.exe                        636 N/A                                         
    winlogon.exe                   700 N/A                                         
    svchost.exe                    816 DcomLaunch, PlugPlay, Power                 
    svchost.exe                    904 RpcEptMapper, RpcSs                         
    cmdagent.exe                   952 CmdAgent                                    
    svchost.exe                    252 AudioSrv, Dhcp, eventlog, wscsvc            
    svchost.exe                    416 AudioEndpointBuilder, Netman, PcaSvc,       
                                       SysMain, TrkWks, UxSms, WdiSystemHost       
    svchost.exe                    732 EventSystem, FontCache, netprofm, nsi,      
                                       SstpSvc, WdiServiceHost, WinHttpAutoProxySv
    svchost.exe                   1036 BITS, IKEEXT, iphlpsvc, LanmanServer,       
                                       ProfSvc, RasMan, Schedule, seclogon, SENS,  
                                       ShellHWDetection, Themes, Winmgmt, wuauserv
    svchost.exe                   1140 gpsvc                                       
    svchost.exe                   1252 CryptSvc, Dnscache, LanmanWorkstation,      
                                       NlaSvc, TapiSrv                             
    AvastSvc.exe                  1316 avast! Antivirus                            
    spoolsv.exe                   1412 Spooler                                     
    svchost.exe                   1444 BFE, DPS, MpsSvc                            
    svchost.exe                   1592 DiagTrack                                   
    svchost.exe                   1624 FDResPub                                    
    isesrv.exe                    1656 isesrv                                      
    StartManSvc.exe               1816 PCToolsSSDMonitorSvc                        
    svchost.exe                   1912 RemoteRegistry                              
    Locator.exe                   2028 RpcLocator                                  
    svchost.exe                   1088 stisvc                                      
    taskhost.exe                  2232 N/A                                         
    dwm.exe                       2392 N/A                                         
    aswidsagenta.exe              2972 aswbIDSAgent                                
    svchost.exe                   2960 PolicyAgent                                 
    cavwp.exe                     4092 N/A                                         
    CisTray.exe                   3184 N/A                                         
    AvastUI.exe                   3560 N/A                                         
    jusched.exe                   2784 N/A                                         
    SSDMonitor.exe                3576 N/A                                         
    vkise.exe                     2788 N/A                                         
    cis.exe                        916 N/A                                         
    explorer.exe                  2328 N/A                                         
    firefox.exe                   4348 N/A                                         
    WmiPrvSE.exe                  1584 N/A                                         
    notepad.exe                   1972 N/A                                         
    WmiPrvSE.exe                  4124 N/A                                         
    cmd.exe                       4964 N/A                                         
    conhost.exe                   4308 N/A                                         
    tasklist.exe                  4840 N/A                                         
     

     

     



    • 0

    #6
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Looks like yours is a desktop and uses the standard CR3032 Lithium battery.  This is available at most drugstores, Walmart, Best Buy.  I think even Lowes has them.  If you are not in a hurry you can get them online really cheap but at the stores it should be under $10.  After you change it out go into the BIOS setup and set it to default and set the time and date.

     

     

    You can keep the Comodo Firewall but you need to uninstall

    Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)

    which came along with it.

     

     

    I'm seeing a lot of errors in the SFC log.  Probably worth running sfcfix:

     

    https://www.ghacks.n...ile-corruption/

     

     

     

    Is your Canon printer still there?  It may need to be reinstalled with a fresh download of its software/drivers.


    • 0
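The SFC errors mentioned in the post above are the `[SR]` entries of CBS.log posted earlier in the thread. As an added example (not part of the thread, and not code from SFC or SFCFix), this Python script groups the "Cannot repair" and "Could not reproject" entries per file, so the closing "successfully repaired" line is not taken at face value; the function and field names are assumptions made here.

```python
import re
from collections import OrderedDict

# Sample input: lines abridged from the CBS.log excerpt posted in this thread
# (component identity strings shortened, most "Verifying" lines dropped).
SAMPLE = r'''
2017-04-20 15:46:21, Info                  CSI    000003a0 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:46:27, Info                  CSI    000003a3 [SR] Verify complete
2017-04-20 15:46:28, Info                  CSI    000003a4 [SR] Verifying 89 (0x0000000000000059) components
2017-04-20 15:46:33, Info                  CSI    000003a8 [SR] Repairing 4 components
2017-04-20 15:46:33, Info                  CSI    000003ab [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch
2017-04-20 15:46:33, Info                  CSI    000003ad [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch
2017-04-20 15:46:33, Info                  CSI    000003b9 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch
2017-04-20 15:46:33, Info                  CSI    000003bd [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:14{7}]"fde.dll"; source file in store is also corrupted
2017-04-20 15:46:33, Info                  CSI    000003d0 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
'''

# One [SR] record: timestamp, level, "CSI", 8-hex-digit sequence number, message.
SR_LINE = re.compile(
    r'^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (.*)$')
VERIFY = re.compile(r'^Verifying (\d+) \(0x[0-9a-fA-F]+\) components')
CANNOT = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+), '
    r'Version = ([\d.]+), pA = (\w+)')
REPROJECT = re.compile(
    r'^Could not reproject corrupted file '
    r'\[[^\]]*\]"([^"]+)"\\\[[^\]]*\]"([^"]+)"; (.*)$')


def _entry():
    return {"component": None, "version": None, "arch": None, "reports": 0,
            "first_seen": None, "directory": None, "store_corrupt": False}


def summarize(text):
    """Group the [SR] repair failures in a CBS.log excerpt by file name."""
    files = OrderedDict()
    verified = 0
    claims_success = False
    for line in text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue  # not an [SR] record (blank line, other CBS output)
        when, msg = m.groups()
        v = VERIFY.match(msg)
        if v:
            verified += int(v.group(1))
            continue
        c = CANNOT.match(msg)
        if c:
            name, component, version, arch = c.groups()
            e = files.setdefault(name.lower(), _entry())
            e.update(component=component, version=version, arch=arch)
            e["reports"] += 1
            e["first_seen"] = e["first_seen"] or when
            continue
        r = REPROJECT.match(msg)
        if r:
            directory, name, reason = r.groups()
            if directory.startswith("\\??\\"):   # drop the NT path prefix
                directory = directory[4:]
            e = files.setdefault(name.lower(), _entry())
            e["directory"] = directory
            e["first_seen"] = e["first_seen"] or when
            # SFC has no clean copy to restore from when the store is bad too.
            e["store_corrupt"] = "store is also corrupted" in reason
            continue
        if "successfully repaired" in msg:
            claims_success = True
    return {
        "verified": verified,
        "files": files,
        "claims_success": claims_success,
        # Any "Cannot repair"/"Could not reproject" entry needs follow-up,
        # whatever the transaction's closing line says.
        "needs_follow_up": bool(files),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE)
    print("components verified:", result["verified"])
    for name, e in result["files"].items():
        print(f'{name}: {e["component"]} {e["version"]} ({e["arch"]}), '
              f'reported {e["reports"]}x, dir={e["directory"]}, '
              f'store copy corrupt={e["store_corrupt"]}')
    print("log claims success:", result["claims_success"],
          "| needs follow-up:", result["needs_follow_up"])
```
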

    #7
    chrimajon

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    OK, I've ordered a battery.. the printer is still there and was working fine, but I've done as you suggested anyway.

     

    Comodo internet security essentials has been uninstalled.

     

    Below is the SFCfix log:

     

    SFCFix version 3.0.0.0 by niemiro.
    Start time: 2017-04-21 12:54:50.055
    Microsoft Windows 7 Service Pack 1 - amd64
    Not using a script file.




    AutoAnalysis::
    FIXED: Corruption at C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6\gpedit.dll has been successfully repaired from C:\Windows\SysWOW64\GPBAK\gpedit.dll.
    FIXED: Corruption at C:\Windows\winsxs\x86_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_aa136561b9ed4ae4\fde.dll has been successfully repaired from C:\Windows\SysWOW64\GPBAK\fde.dll.
    FIXED: Corruption at C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-gptext_31bf3856ad364e35_6.1.7600.16385_none_372622adf05a6587\gptext.dll has been successfully repaired from C:\Windows\SysWOW64\GPBAK\gptext.dll.
    FIXED: Corruption at C:\Windows\winsxs\x86_microsoft-windows-fdeploy_31bf3856ad364e35_6.1.7601.17514_none_e1bcfc28af006dea\fdeploy.dll has been successfully repaired from C:\Windows\SysWOW64\GPBAK\fdeploy.dll.




    SUMMARY: All detected corruptions were successfully repaired.
    AutoAnalysis:: directive completed successfully.




    Successfully processed all directives.
    SFCFix version 3.0.0.0 by niemiro has completed.
    Currently storing 4 datablocks.
    Finish time: 2017-04-21 12:58:06.988
    ----------------------EOF-----------------------


    • 0

    #8
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    SFCFix claims it fixed your sfc problems so that's good.  Let's see what errors we get now.

     

     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
     
    Also make a new FRST scan with addition.txt checked and post both logs.  Let's see if Comodo really left us.
     
     

    • 0

    #9
    chrimajon

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    New logs as requested;

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 22/04/2017 12:19:54

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 22/04/2017 11:16:05
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 22/04/2017 11:15:59
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 22/04/2017 12:21:27

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 22/04/2017 11:03:12
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3226483179-4034785836-799415362-1000:
    Process 1276 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3226483179-4034785836-799415362-1000

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2017
    Ran by user (administrator) on USER-PC (22-04-2017 12:23:01)
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1476288 2017-04-05] (COMODO)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-20] (AVAST Software)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{D9EA0BF2-75DF-48E6-8E2F-9643EB0324DC}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://trle.net/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-20] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-20] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/stg_drm.ocx
    DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/armhelper.ocx

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default [2017-04-22]
    FF Homepage: Mozilla\Firefox\Profiles\fogqhnk3.default -> hxxp://www.trle.net/
    FF NetworkProxy: Mozilla\Firefox\Profiles\fogqhnk3.default -> type", 0
    FF Extension: (Rotor Throbber) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-04-28]
    FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-04-20]
    FF Extension: (RAMBack) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-12-23]
    FF Extension: (Status-4-Evar) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-01-14]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
    FF Extension: (Video DownloadHelper) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
    FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-23]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-20]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-21] ()
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-04-20]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-13]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-13]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-13]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-20]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-13]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-02] (Adobe Systems) [File not signed]
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-20] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-20] (AVAST Software)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10508904 2017-04-05] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-05] (COMODO)
    S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2015-08-19] (Nalpeiron Ltd.) [File not signed]
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
    R2 PlugPlay; C:\Windows\SysWOW64\umpnpmgr.dll [404480 2015-04-04] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    S3 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
    S4 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-20] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-20] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-20] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-20] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-20] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-20] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-20] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-20] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-20] (AVAST Software)
    R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-03-28] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [848736 2017-03-28] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-03-28] (COMODO)
    S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [119392 2017-03-28] (COMODO)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    U3 iswSvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-22 12:22 - 2017-04-22 12:23 - 00015340 _____ C:\Users\user\Desktop\FRST.txt
    2017-04-22 12:22 - 2017-04-22 12:22 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
    2017-04-22 12:05 - 2017-04-22 12:05 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-21 14:51 - 2017-04-21 15:00 - 00000637 _____ C:\Users\user\Desktop\linkss.txt
    2017-04-21 14:51 - 2017-04-21 14:51 - 00000000 ____D C:\Users\user\Downloads\hitp
    2017-04-21 14:50 - 2017-04-21 14:50 - 00000000 ____D C:\Users\user\Downloads\yellow-paint
    2017-04-21 14:50 - 2017-04-21 14:50 - 00000000 ____D C:\Users\user\Downloads\OB20
    2017-04-21 14:50 - 2017-04-21 14:50 - 00000000 ____D C:\Users\user\Downloads\blue-paint
    2017-04-21 14:49 - 2017-04-21 14:49 - 00000000 ____D C:\Users\user\Downloads\brit_btruski
    2017-04-21 14:45 - 2017-04-21 14:45 - 00000000 ____D C:\Users\user\Downloads\VHC
    2017-04-21 14:45 - 2017-04-21 14:45 - 00000000 ____D C:\Users\user\Downloads\BHC
    2017-04-21 14:41 - 2017-04-21 14:41 - 05186697 _____ C:\Users\user\Downloads\legalcontend.7z
    2017-04-21 14:41 - 2017-04-21 14:41 - 00000000 ____D C:\Users\user\Downloads\legalcontend
    2017-04-21 14:27 - 2017-04-21 14:27 - 04238566 _____ C:\Users\user\Downloads\hitp.rar
    2017-04-21 14:24 - 2017-04-21 14:25 - 20358633 _____ C:\Users\user\Downloads\OB20.7z
    2017-04-21 14:18 - 2017-04-21 14:19 - 25939771 _____ C:\Users\user\Downloads\blue-paint.7z
    2017-04-21 14:16 - 2017-04-21 14:16 - 09636459 _____ C:\Users\user\Downloads\yellow-paint.7z
    2017-04-21 14:06 - 2017-04-21 14:11 - 58684219 _____ C:\Users\user\Downloads\brit_btruski.7z
    2017-04-21 14:02 - 2017-04-21 14:20 - 392167804 _____ C:\Users\user\Downloads\VHC.7z
    2017-04-21 13:58 - 2017-04-21 14:05 - 115473508 _____ C:\Users\user\Downloads\BHC.rar
    2017-04-21 13:39 - 2017-04-21 13:39 - 00000000 ____D C:\Users\user\Desktop\Tor Browser
    2017-04-21 12:58 - 2017-04-21 12:58 - 00002720 _____ C:\Users\user\Desktop\SFCFix.txt
    2017-04-21 12:57 - 2017-04-21 12:58 - 00000000 ____D C:\SFCFix
    2017-04-21 12:54 - 2017-04-21 12:58 - 00000000 ____D C:\Users\user\AppData\Local\niemiro
    2017-04-20 20:24 - 2017-04-20 20:24 - 02884096 _____ (niemiro) C:\Users\user\Desktop\SFCFix.exe
    2017-04-20 16:08 - 2017-04-20 16:15 - 00000000 ____D C:\Program Files (x86)\GUMF73A.tmp
    2017-04-20 16:03 - 2017-04-20 16:03 - 00000803 _____ C:\Users\Public\Desktop\Speccy.lnk
    2017-04-20 16:03 - 2017-04-20 16:03 - 00000803 _____ C:\ProgramData\Desktop\Speccy.lnk
    2017-04-20 16:03 - 2017-04-20 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2017-04-20 16:03 - 2017-04-20 16:03 - 00000000 ____D C:\Program Files\Speccy
    2017-04-20 15:56 - 2017-04-20 15:56 - 00004457 _____ C:\junk.txt
    2017-04-20 15:50 - 2017-04-22 12:21 - 00001098 _____ C:\VEW.txt
    2017-04-20 14:49 - 2017-04-20 14:49 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1492696168
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
    2017-04-20 14:48 - 2017-04-20 14:48 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-04-20 14:47 - 2017-04-20 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
    2017-04-20 14:46 - 2017-04-20 15:06 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2017-04-20 14:46 - 2017-04-20 14:46 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-04-20 14:46 - 2017-04-20 14:46 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2017-04-20 14:46 - 2017-04-20 14:46 - 00001929 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
    2017-04-20 14:46 - 2017-04-20 14:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2017-04-20 14:46 - 2017-04-20 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-04-20 14:46 - 2017-04-20 14:45 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-04-20 14:44 - 2017-04-20 14:48 - 00000000 ____D C:\Program Files\AVAST Software
    2017-04-20 14:19 - 2017-04-20 14:19 - 06293184 _____ (Piriform Ltd) C:\Users\user\Desktop\spsetup130.exe
    2017-04-20 14:18 - 2017-04-20 14:18 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\Desktop\procexp.exe
    2017-04-20 14:18 - 2017-04-20 14:18 - 00061440 _____ ( ) C:\Users\user\Desktop\VEW.exe
    2017-04-20 11:38 - 2017-04-22 12:22 - 00000000 ____D C:\FRST
    2017-04-20 11:37 - 2017-04-22 12:22 - 02425344 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2017-04-20 11:18 - 2017-04-20 11:21 - 00000000 ____D C:\AdwCleaner
    2017-04-19 22:35 - 2017-04-19 22:35 - 01663672 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
    2017-04-19 22:30 - 2017-04-19 22:30 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner.exe
    2017-04-19 15:49 - 2017-04-19 15:49 - 04922400 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
    2017-04-18 19:21 - 2017-04-22 12:20 - 00000000 ____D C:\Users\user\Desktop\New folder
    2017-04-16 01:06 - 2017-04-19 16:29 - 00000819 _____ C:\Users\user\Desktop\stuff.txt
    2017-04-13 13:28 - 2011-08-07 11:57 - 00000258 _____ C:\Windows\Restart_Explorer.bat
    2017-04-13 13:25 - 2017-04-21 21:48 - 00000000 ____D C:\Users\user\Desktop\TO
    2017-04-13 11:56 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2017-04-13 11:56 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2017-04-13 11:52 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2017-04-12 15:40 - 2017-04-21 12:57 - 00001231 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
    2017-04-12 15:40 - 2017-04-21 12:57 - 00001231 _____ C:\ProgramData\Desktop\COMODO Firewall.lnk
    2017-04-12 15:40 - 2017-04-12 15:40 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
    2017-04-12 15:38 - 2017-04-12 15:38 - 00000000 ____D C:\Program Files\COMODO
    2017-04-12 15:37 - 2017-04-20 22:05 - 00000000 ____D C:\Program Files (x86)\COMODO
    2017-04-12 15:34 - 2017-04-20 22:05 - 00000000 ____D C:\ProgramData\Comodo
    2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Shared Space
    2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Comodo Downloader
    2017-04-12 13:43 - 2017-03-27 19:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-04-12 13:43 - 2017-03-27 18:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-04-12 13:43 - 2017-03-25 20:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-04-12 13:43 - 2017-03-25 20:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-04-12 13:43 - 2017-03-25 20:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-04-12 13:43 - 2017-03-25 19:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-04-12 13:43 - 2017-03-25 19:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-04-12 13:43 - 2017-03-25 19:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-04-12 13:43 - 2017-03-25 19:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-04-12 13:43 - 2017-03-25 19:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-04-12 13:43 - 2017-03-25 19:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-04-12 13:43 - 2017-03-25 19:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-04-12 13:43 - 2017-03-25 19:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-04-12 13:43 - 2017-03-25 19:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-04-12 13:43 - 2017-03-25 19:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-04-12 13:43 - 2017-03-25 19:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-04-12 13:43 - 2017-03-25 19:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-04-12 13:43 - 2017-03-25 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-04-12 13:43 - 2017-03-25 19:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-04-12 13:43 - 2017-03-25 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-04-12 13:43 - 2017-03-25 19:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-04-12 13:43 - 2017-03-25 19:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-04-12 13:43 - 2017-03-25 19:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-04-12 13:43 - 2017-03-25 19:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-04-12 13:43 - 2017-03-25 19:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-04-12 13:43 - 2017-03-25 18:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-04-12 13:43 - 2017-03-25 18:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-04-12 13:43 - 2017-03-25 18:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-04-12 13:43 - 2017-03-25 18:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-04-12 13:43 - 2017-03-25 18:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-04-12 13:43 - 2017-03-25 18:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-04-12 13:43 - 2017-03-25 18:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-04-12 13:43 - 2017-03-25 18:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-04-12 13:43 - 2017-03-25 18:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-04-12 13:43 - 2017-03-25 18:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-04-12 13:43 - 2017-03-25 18:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-04-12 13:43 - 2017-03-25 18:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-04-12 13:43 - 2017-03-25 18:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-04-12 13:43 - 2017-03-25 18:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-04-12 13:43 - 2017-03-25 18:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-04-12 13:43 - 2017-03-25 18:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-04-12 13:43 - 2017-03-25 17:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-04-12 13:43 - 2017-03-25 17:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-04-12 13:43 - 2017-03-25 17:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-04-12 13:43 - 2017-03-25 17:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-04-12 13:43 - 2017-03-25 17:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-04-12 13:43 - 2017-03-25 17:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-04-12 13:43 - 2017-03-25 17:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-04-12 13:43 - 2017-03-25 17:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-04-12 13:43 - 2017-03-24 23:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-04-12 13:43 - 2017-03-24 23:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-04-12 13:43 - 2017-03-22 16:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-04-12 13:43 - 2017-03-22 16:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-04-12 13:43 - 2017-03-22 16:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-04-12 13:43 - 2017-03-22 16:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-04-12 13:43 - 2017-03-22 16:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-04-12 13:43 - 2017-03-14 16:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-04-12 13:43 - 2017-03-14 16:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-04-12 13:43 - 2017-03-14 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-04-12 13:43 - 2017-03-10 17:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-04-12 13:43 - 2017-03-10 17:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-04-12 13:43 - 2017-03-10 17:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-04-12 13:43 - 2017-03-10 17:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-04-12 13:43 - 2017-03-10 17:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-04-12 13:43 - 2017-03-10 17:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-04-12 13:43 - 2017-03-10 16:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-04-12 13:43 - 2017-03-08 21:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
    2017-04-12 13:43 - 2017-03-08 21:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2017-04-12 13:43 - 2017-03-08 05:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-04-12 13:43 - 2017-03-08 05:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-04-12 13:43 - 2017-03-08 05:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-04-12 13:43 - 2017-03-08 05:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-04-12 13:43 - 2017-03-08 05:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-04-12 13:43 - 2017-03-08 05:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-04-12 13:43 - 2017-03-08 05:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-04-12 13:43 - 2017-03-08 05:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-04-12 13:43 - 2017-03-08 05:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-04-12 13:43 - 2017-03-08 05:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-04-12 13:43 - 2017-03-08 05:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-04-12 13:43 - 2017-03-08 05:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-04-12 13:43 - 2017-03-08 04:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-04-12 13:43 - 2017-03-08 04:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-04-12 13:43 - 2017-03-08 04:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-04-12 13:43 - 2017-03-08 04:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-04-12 13:43 - 2017-03-08 04:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-04-12 13:43 - 2017-03-08 04:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-04-12 13:43 - 2017-03-08 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-04-12 13:43 - 2017-03-08 04:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-04-12 13:43 - 2017-03-08 04:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-07 17:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-04-12 13:43 - 2017-03-07 17:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-04-12 13:43 - 2017-03-07 15:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-04-12 13:43 - 2017-03-04 02:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-04-12 13:43 - 2017-03-04 02:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
    2017-04-12 13:43 - 2017-03-04 02:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-04-12 13:43 - 2017-03-04 02:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
    2017-04-12 13:43 - 2017-02-14 17:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-04-12 13:43 - 2017-02-14 17:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-04-12 13:43 - 2017-02-11 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-04-12 13:43 - 2017-02-11 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-04-12 13:43 - 2017-02-09 17:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2017-04-12 13:43 - 2017-02-09 17:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2017-04-12 13:43 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2017-04-12 13:43 - 2016-03-23 23:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-04-12 13:43 - 2016-03-23 23:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-04-12 13:24 - 2017-04-12 13:24 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
    2017-04-12 13:16 - 2017-04-12 13:16 - 00000000 ____D C:\ProgramData\CheckPoint
    2017-04-12 13:03 - 2017-04-05 06:58 - 00365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2017-04-11 16:54 - 2017-04-11 16:54 - 00000000 ____D C:\Program Files (x86)\Realtek
    2017-04-06 23:23 - 2017-04-05 06:58 - 00230592 _____ (COMODO) C:\Windows\system32\cmdshim64.dll
    2017-04-06 23:23 - 2017-04-05 06:56 - 00194752 _____ (COMODO) C:\Windows\SysWOW64\cmdshim32.dll
    2017-04-05 07:01 - 2017-04-05 07:01 - 00732368 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
    2017-04-05 07:01 - 2017-04-05 07:01 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2017-04-05 07:00 - 2017-04-05 07:00 - 00941768 _____ (COMODO) C:\Windows\system32\guard64.dll
    2017-04-05 06:58 - 2017-04-05 06:58 - 00457408 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
    2017-04-05 06:56 - 2017-04-05 06:56 - 00363200 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
    2017-03-28 21:33 - 2017-03-28 21:33 - 00848736 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00119392 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00057504 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00031664 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-22 12:12 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-04-22 12:12 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-04-22 12:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-04-22 11:30 - 2014-05-13 12:01 - 00000000 ____D C:\Program Files (x86)\Google
    2017-04-21 12:53 - 2014-06-03 10:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-04-21 12:53 - 2014-06-03 10:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-21 12:53 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-04-21 12:53 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\system32\Macromed
    2017-04-21 12:53 - 2014-05-13 12:03 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
    2017-04-20 21:59 - 2014-06-02 19:40 - 00000000 ____D C:\Windows\pss
    2017-04-20 17:34 - 2014-05-13 12:10 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-04-20 14:59 - 2014-06-11 20:29 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
    2017-04-20 14:46 - 2015-08-02 16:53 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-04-20 14:22 - 2016-09-27 15:15 - 00000000 ____D C:\Program Files (x86)\Avira
    2017-04-20 14:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2017-04-20 14:11 - 2015-04-06 14:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
    2017-04-20 14:11 - 2015-04-06 14:48 - 00000000 ____D C:\ProgramData\Package Cache
    2017-04-20 14:11 - 2015-04-06 14:48 - 00000000 ____D C:\ProgramData\Avira
    2017-04-20 14:06 - 2015-07-19 15:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-04-20 13:33 - 2016-06-04 11:14 - 00000000 ____D C:\Users\user\Desktop\Movavi Video Converter
    2017-04-19 21:27 - 2014-06-02 19:23 - 00000000 ____D C:\ProgramData\TEMP
    2017-04-19 20:32 - 2016-03-27 15:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-04-19 00:09 - 2009-07-14 06:13 - 00908594 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-04-17 00:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2017-04-16 17:55 - 2014-07-06 15:32 - 00000000 ____D C:\Windows\ERDNT
    2017-04-16 15:15 - 2014-06-03 23:38 - 00000000 ____D C:\Users\user\Documents\Calibre Library
    2017-04-16 00:28 - 2015-02-01 20:16 - 00003209 _____ C:\Users\user\Desktop\owners club clickable links.txt
    2017-04-14 16:25 - 2016-06-01 20:13 - 00001084 _____ C:\Users\user\Desktop\coil harness connections.txt
    2017-04-14 11:39 - 2009-07-14 05:45 - 00321840 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-04-13 11:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Performance
    2017-04-12 19:32 - 2014-05-15 10:51 - 00892460 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-04-12 15:40 - 2014-06-02 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2017-04-12 15:31 - 2016-03-04 12:39 - 00000000 ____D C:\Users\user\Desktop\The Prisoner
    2017-04-12 15:31 - 2016-02-18 23:14 - 00000000 ____D C:\Users\user\Desktop\11-22-63
    2017-04-12 14:52 - 2014-05-13 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-04-12 14:48 - 2014-05-13 12:50 - 00000000 ____D C:\Windows\system32\MRT
    2017-04-12 14:40 - 2014-05-13 12:50 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-04-11 17:06 - 2014-06-02 16:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-04-11 17:06 - 2014-06-02 16:28 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-04-11 14:53 - 2015-07-25 16:54 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-04-11 14:52 - 2015-11-05 14:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-04 20:12 - 2014-07-19 12:33 - 00000000 ____D C:\Program Files\Recuva

    ==================== Files in the root of some directories =======

    2014-06-03 13:30 - 2014-06-03 13:30 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
    2014-06-03 13:30 - 2014-06-03 13:30 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
    2014-06-03 13:31 - 2014-06-03 13:31 - 0000074 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
    2014-06-03 13:31 - 2014-06-03 13:32 - 0001041 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
    2014-06-03 14:26 - 2017-02-24 17:15 - 0060416 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-06-09 18:59 - 2017-01-06 04:20 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
    2017-04-12 13:03 - 2017-04-05 06:58 - 0365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2014-06-02 17:04 - 2014-06-02 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-06-02 19:19 - 2014-06-02 19:19 - 0004104 _____ () C:\ProgramData\ojobkspa.ako

    Files to move or delete:
    ====================
    C:\ProgramData\cmdres.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-17 00:20

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2017
    Ran by user (22-04-2017 12:23:55)
    Running from C:\Users\user\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-05-13 10:46:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3226483179-4034785836-799415362-500 - Administrator - Disabled)
    Guest (S-1-5-21-3226483179-4034785836-799415362-501 - Limited - Disabled)
    user (S-1-5-21-3226483179-4034785836-799415362-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
    ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}) (Version: 3.0.255.407 - ArcSoft)
    ArcSoft TotalMedia HDCam (HKLM-x32\...\{7A1DE746-F5D0-4A21-943B-39A3F243C32A}) (Version: 2.0.2.49 - ArcSoft)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009608308.48.56.44502250 - Audible, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
    Barrow Hill (HKLM-x32\...\Barrow Hill) (Version:  - )
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    BitTorrent (HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\BitTorrent) (Version: 7.9.9.42607 - BitTorrent Inc.)
    calibre (HKLM-x32\...\{9AB9E32A-236E-4A1E-AE76-367C8798A338}) (Version: 2.74.0 - Kovid Goyal)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
    Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MG4200 series User Registration (HKLM-x32\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
    COMODO Firewall (Version: 10.0.1.6209 - COMODO Security Solutions Inc.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    [bleep] NFO Viewer 2.10.0031 RC3 (HKLM-x32\...\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}) (Version: 2.10.0031 - [bleep])
    Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
    Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
    ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
    Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
    Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
    MediaCoder x64 0.8.30.5620 (HKLM\...\MediaCoder x64) (Version: 0.8.30.5620 - Mediatronic)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0107.120 - Mio Technology)
    Movavi Video Converter 10 (HKLM-x32\...\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}) (Version: 10.02.002 - Movavi)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 46.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 46.0 (x64 en-GB)) (Version: 46.0 - Mozilla)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 9 Essentials (HKLM-x32\...\{378ce143-1a66-4483-8a2f-2e11d3efbfd7}) (Version:  - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
    PlayFLV (HKLM-x32\...\PlayFLV) (Version:  - )
    Private Proxy (HKLM-x32\...\{26E8F025-1C39-4394-8252-F62CDD14C7FB}) (Version: 3.01 - Privacy Partners)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
    Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.6.4 - Shark007)
    Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Ulead GIF Animator 5 (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - Ulead System)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {044FF1CA-37E0-4B15-82B9-B2B1D9D20065} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {05F5439E-37A8-4F6D-AE29-C5D0D061ED5C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {11E698AC-DADF-4EEB-9C7F-1B8E94B8CFFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {4DAFED21-0D75-41AF-8FC0-BE8491D3D996} - System32\Tasks\{E2AEF9EF-D5B1-4B36-8AC8-9F9E65F06D17} => pcalua.exe -a C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10\InstallFilter.exe -d C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10
    Task: {9E337AD6-7178-4A0E-95F4-874661D92D10} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-20] (AVAST Software)
    Task: {AA14A9F3-2FD9-43F9-8B2A-57060CF88CD1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-05] (COMODO)
    Task: {ABC2B4A9-962D-41EB-996D-F19C1BA4E1F0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {B3A02422-06B1-47F1-9D42-0223D38B69FB} - System32\Tasks\SafeZone scheduled Autoupdate 1492696168 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
    Task: {B3A69E1D-9F53-4084-82DA-28230B656AFD} - System32\Tasks\Amazon Music Helper => C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe
    Task: {E9E17218-1E38-49F0-9708-80C91EAEFAC5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\user\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-04-05 06:57 - 2017-04-05 06:57 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
    2017-04-05 06:57 - 2017-04-05 06:57 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
    2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-04-21 11:02 - 2017-04-21 11:02 - 05917184 _____ () C:\Program Files\AVAST Software\Avast\defs\17042010\algo.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2017-04-22 12:17 - 2017-04-22 12:17 - 05917184 _____ () C:\Program Files\AVAST Software\Avast\defs\17042200\algo.dll
    2017-04-20 14:46 - 2017-04-20 14:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CNC_B9L.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CNC_B9U.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CNHMCA.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlssrv32.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\umpnpmgr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\umpnpmgr.dll:$CmdZnID [26]
    AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\TEMP:1A15E356 [364]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:7C9E34A2 [123]
    AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [192]
    AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 [406]
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [312]
    AlternateDataStreams: C:\ProgramData\TEMP:DB2748F7 [132]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7867 more sites.

    IE trusted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\vizzed.com -> www.vizzed.com

    There are 7865 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2014-12-28 15:54 - 00450771 ____N C:\Windows\system32\Drivers\etc\hosts


    There are 15463 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Amazon Music => "C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: IseUI => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{AAC05A9B-0391-4F29-A756-1112A160C9A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{5908E71C-9DE9-4EA1-A1C9-EFE70FA14DC1}] => (Allow) LPort=2869
    FirewallRules: [{E7A42576-E152-4567-B56E-32B4A7FBF7F8}] => (Allow) LPort=1900
    FirewallRules: [{0AA000F8-2737-4AA8-8820-98F8F9A27203}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{208F3C06-2352-4241-BB7D-BA5C4B2BAC71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7DD8225E-325E-4E83-AFA0-EDAE2BF10B03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6196CCDF-1E05-4FFC-A7BC-94351A53A9EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{05A82E4D-5107-4507-9ECB-3E4E9C26B47F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{E74E063E-5349-4B2A-8DD1-3DBF11EF2C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{1934F01E-AB6A-4013-B6E9-1C7DBF552A7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7FBFEB9F-77D6-42E9-AB15-7ECC60BEA72B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{68E0D4DE-1D71-4310-800C-114BF3CB2DF4}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
    FirewallRules: [UDP Query User{8DFB8401-13ED-413A-9CCC-21FEE89522CE}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
    FirewallRules: [TCP Query User{EE746837-BFC8-4001-B5E0-3FB0AB8638BB}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
    FirewallRules: [UDP Query User{6DC74960-2CFA-4F1B-BA92-EDE77A830469}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
    FirewallRules: [TCP Query User{E3513280-A828-40D8-A1DC-6D845247140E}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{1995A1F4-CDD0-4FF5-AA26-46A4BA57E35F}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [TCP Query User{4575C643-5139-4198-B4A5-3793D5D5AC38}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [UDP Query User{92792CAC-D89D-4B61-B77D-543789E93FAD}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [{9891CE18-8161-4DCD-B513-63DFF86BFC4E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{E94F96F8-E2E6-458C-B249-2AFA15805432}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{7747B5E0-DC7A-4590-8029-BE73D4C89A18}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{8E18FF2D-E4EB-482D-95A2-FD3F65A93211}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{147AB450-66A7-46B4-8256-5360944F3066}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{FDF8781B-916B-43E5-9B95-19505063E69E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{ACFDBE38-D6CC-4B69-83E3-3772E923C867}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{47005BA6-1FED-4444-B6B9-BDD33340F299}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6329747A-09B6-405C-BABE-08748C24FABC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{F72C1F80-E318-4906-93D3-BCD0F0F98FD9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{7E93D640-6CF5-4945-A7FA-DBF5673387B0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{CA092A44-81AF-49AB-B46C-252C0E02AC3E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{22BC4865-15EA-438D-AA21-52F9D8AD0521}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
    FirewallRules: [{28F86F45-D0B0-4603-B124-7B6B06C0C565}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    20-04-2017 11:27:40 JRT Pre-Junkware Removal
    20-04-2017 14:13:18 Removed Diskeeper 2010 Pro Premier.

    ==================== Faulty Device Manager Devices =============

    Name: pcouffin device ...
    Description: pcouffin device ...
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (04/22/2017 12:16:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (04/22/2017 12:15:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


    CodeIntegrity:
    ===================================
      Date: 2017-04-22 12:04:46.601
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-22 12:04:46.398
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-22 11:59:47.337
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-22 11:59:47.135
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-22 11:30:45.345
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-22 11:30:45.142
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-22 02:02:14.218
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-22 02:02:14.000
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-21 17:07:26.812
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

      Date: 2017-04-21 17:07:26.610
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™2 CPU 6420 @ 2.13GHz
    Percentage of memory in use: 57%
    Total physical RAM: 3071.24 MB
    Available physical RAM: 1304.7 MB
    Total Virtual: 6140.67 MB
    Available Virtual: 4333.14 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:221.17 GB) (Free:106.95 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:64.67 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 612C6EEB)
    Partition 1: (Not Active) - (Size=11.7 GB) - (Type=17)
    Partition 2: (Active) - (Size=221.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
    Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================



    #10
    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP
    Download the attached deldomain.zip
     
    Save, then right-click on the file and Extract All.  You will get a deldomain.inf
    Right-click on it and Install
     
    Download the attached fixlist.txt to the same location as FRST
     
     
    Run FRST and press Fix
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
    How is it running now?
     



    #11
    chrimajon

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    Seems to be running very well now! No random shutdowns, and boots up correctly with time & date correct, although I'll still change the CMOS battery.

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-04-2017
    Ran by user (22-04-2017 13:25:44) Run:1
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
    S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    S3 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
    S4 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    U3 iswSvc; no ImagePath
    hosts:C:\Program Files (x86)\Spybot - Search & Destroy 2
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    DeleteKey:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pcouffin
    AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

    *****************

    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    HKLM\System\CurrentControlSet\Services\PCToolsSSDMonitorSvc => key removed successfully
    PCToolsSSDMonitorSvc => service removed successfully
    HKLM\System\CurrentControlSet\Services\Nero BackItUp Scheduler 4.0 => key removed successfully
    Nero BackItUp Scheduler 4.0 => service removed successfully
    HKLM\System\CurrentControlSet\Services\SDScannerService => key removed successfully
    SDScannerService => service removed successfully
    HKLM\System\CurrentControlSet\Services\SDUpdateService => key removed successfully
    SDUpdateService => service removed successfully
    HKLM\System\CurrentControlSet\Services\SDWSCService => key removed successfully
    SDWSCService => service removed successfully
    HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
    catchme => service removed successfully
    HKLM\System\CurrentControlSet\Services\IntcAzAudAddService => key removed successfully
    IntcAzAudAddService => service removed successfully
    HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
    iswSvc => service removed successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value removed successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pcouffin => key not found.
    AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40} => removed successfully

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========


    ========= End of CMD: =========


    ==== End of Fixlog 13:26:41 ====

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2017
    Ran by user (administrator) on USER-PC (22-04-2017 13:27:15)
    Running from C:\Users\user\Desktop
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1476288 2017-04-05] (COMODO)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-20] (AVAST Software)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{D9EA0BF2-75DF-48E6-8E2F-9643EB0324DC}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://trle.net/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-20] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-20] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/stg_drm.ocx
    DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/armhelper.ocx

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default [2017-04-22]
    FF Homepage: Mozilla\Firefox\Profiles\fogqhnk3.default -> hxxp://www.trle.net/
    FF NetworkProxy: Mozilla\Firefox\Profiles\fogqhnk3.default -> type", 0
    FF Extension: (Rotor Throbber) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-04-28]
    FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-04-20]
    FF Extension: (RAMBack) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-12-23]
    FF Extension: (Status-4-Evar) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-01-14]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
    FF Extension: (Video DownloadHelper) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
    FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-23]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-20]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-21] ()
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-04-20]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-13]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-13]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-13]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-20]
    CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-13]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-02] (Adobe Systems) [File not signed]
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-20] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-20] (AVAST Software)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10508904 2017-04-05] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-05] (COMODO)
    S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2015-08-19] (Nalpeiron Ltd.) [File not signed]
    R2 PlugPlay; C:\Windows\SysWOW64\umpnpmgr.dll [404480 2015-04-04] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-20] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-20] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-20] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-20] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-20] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-20] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-20] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-20] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-20] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-20] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-20] (AVAST Software)
    R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-03-28] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [848736 2017-03-28] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-03-28] (COMODO)
    S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [119392 2017-03-28] (COMODO)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-22 13:27 - 2017-04-22 13:27 - 00013862 _____ C:\Users\user\Desktop\FRST.txt
    2017-04-22 13:25 - 2017-04-22 13:26 - 00006272 _____ C:\Users\user\Desktop\Fixlog.txt
    2017-04-22 13:23 - 2017-04-22 13:23 - 00000623 _____ C:\Users\user\Desktop\DelDomains.zip
    2017-04-22 12:22 - 2017-04-22 12:22 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
    2017-04-22 12:05 - 2017-04-22 12:05 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-21 14:51 - 2017-04-21 15:00 - 00000637 _____ C:\Users\user\Desktop\linkss.txt
    2017-04-21 14:51 - 2017-04-21 14:51 - 00000000 ____D C:\Users\user\Downloads\hitp
    2017-04-21 14:50 - 2017-04-21 14:50 - 00000000 ____D C:\Users\user\Downloads\yellow-paint
    2017-04-21 14:50 - 2017-04-21 14:50 - 00000000 ____D C:\Users\user\Downloads\OB20
    2017-04-21 14:50 - 2017-04-21 14:50 - 00000000 ____D C:\Users\user\Downloads\blue-paint
    2017-04-21 14:49 - 2017-04-21 14:49 - 00000000 ____D C:\Users\user\Downloads\brit_btruski
    2017-04-21 14:45 - 2017-04-21 14:45 - 00000000 ____D C:\Users\user\Downloads\VHC
    2017-04-21 14:45 - 2017-04-21 14:45 - 00000000 ____D C:\Users\user\Downloads\BHC
    2017-04-21 14:41 - 2017-04-21 14:41 - 05186697 _____ C:\Users\user\Downloads\legalcontend.7z
    2017-04-21 14:41 - 2017-04-21 14:41 - 00000000 ____D C:\Users\user\Downloads\legalcontend
    2017-04-21 14:27 - 2017-04-21 14:27 - 04238566 _____ C:\Users\user\Downloads\hitp.rar
    2017-04-21 14:24 - 2017-04-21 14:25 - 20358633 _____ C:\Users\user\Downloads\OB20.7z
    2017-04-21 14:18 - 2017-04-21 14:19 - 25939771 _____ C:\Users\user\Downloads\blue-paint.7z
    2017-04-21 14:16 - 2017-04-21 14:16 - 09636459 _____ C:\Users\user\Downloads\yellow-paint.7z
    2017-04-21 14:06 - 2017-04-21 14:11 - 58684219 _____ C:\Users\user\Downloads\brit_btruski.7z
    2017-04-21 14:02 - 2017-04-21 14:20 - 392167804 _____ C:\Users\user\Downloads\VHC.7z
    2017-04-21 13:58 - 2017-04-21 14:05 - 115473508 _____ C:\Users\user\Downloads\BHC.rar
    2017-04-21 13:39 - 2017-04-21 13:39 - 00000000 ____D C:\Users\user\Desktop\Tor Browser
    2017-04-21 12:58 - 2017-04-21 12:58 - 00002720 _____ C:\Users\user\Desktop\SFCFix.txt
    2017-04-21 12:57 - 2017-04-21 12:58 - 00000000 ____D C:\SFCFix
    2017-04-21 12:54 - 2017-04-21 12:58 - 00000000 ____D C:\Users\user\AppData\Local\niemiro
    2017-04-20 20:24 - 2017-04-20 20:24 - 02884096 _____ (niemiro) C:\Users\user\Desktop\SFCFix.exe
    2017-04-20 16:08 - 2017-04-20 16:15 - 00000000 ____D C:\Program Files (x86)\GUMF73A.tmp
    2017-04-20 16:03 - 2017-04-20 16:03 - 00000803 _____ C:\Users\Public\Desktop\Speccy.lnk
    2017-04-20 16:03 - 2017-04-20 16:03 - 00000803 _____ C:\ProgramData\Desktop\Speccy.lnk
    2017-04-20 16:03 - 2017-04-20 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2017-04-20 16:03 - 2017-04-20 16:03 - 00000000 ____D C:\Program Files\Speccy
    2017-04-20 15:56 - 2017-04-20 15:56 - 00004457 _____ C:\junk.txt
    2017-04-20 15:50 - 2017-04-22 12:21 - 00001098 _____ C:\VEW.txt
    2017-04-20 14:49 - 2017-04-20 14:49 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1492696168
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
    2017-04-20 14:48 - 2017-04-20 14:48 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-04-20 14:47 - 2017-04-20 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
    2017-04-20 14:46 - 2017-04-20 15:06 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2017-04-20 14:46 - 2017-04-20 14:46 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-04-20 14:46 - 2017-04-20 14:46 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-04-20 14:46 - 2017-04-20 14:46 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2017-04-20 14:46 - 2017-04-20 14:46 - 00001929 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
    2017-04-20 14:46 - 2017-04-20 14:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2017-04-20 14:46 - 2017-04-20 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-04-20 14:46 - 2017-04-20 14:45 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-04-20 14:46 - 2017-04-20 14:45 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-04-20 14:44 - 2017-04-20 14:48 - 00000000 ____D C:\Program Files\AVAST Software
    2017-04-20 14:19 - 2017-04-20 14:19 - 06293184 _____ (Piriform Ltd) C:\Users\user\Desktop\spsetup130.exe
    2017-04-20 14:18 - 2017-04-20 14:18 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\Desktop\procexp.exe
    2017-04-20 14:18 - 2017-04-20 14:18 - 00061440 _____ ( ) C:\Users\user\Desktop\VEW.exe
    2017-04-20 11:38 - 2017-04-22 13:27 - 00000000 ____D C:\FRST
    2017-04-20 11:37 - 2017-04-22 12:22 - 02425344 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2017-04-20 11:18 - 2017-04-20 11:21 - 00000000 ____D C:\AdwCleaner
    2017-04-19 22:35 - 2017-04-19 22:35 - 01663672 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
    2017-04-19 22:30 - 2017-04-19 22:30 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner.exe
    2017-04-19 15:49 - 2017-04-19 15:49 - 04922400 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
    2017-04-18 19:21 - 2017-04-22 12:20 - 00000000 ____D C:\Users\user\Desktop\New folder
    2017-04-16 01:06 - 2017-04-19 16:29 - 00000819 _____ C:\Users\user\Desktop\stuff.txt
    2017-04-13 13:28 - 2011-08-07 11:57 - 00000258 _____ C:\Windows\Restart_Explorer.bat
    2017-04-13 13:25 - 2017-04-22 13:21 - 00000000 ____D C:\Users\user\Desktop\TO
    2017-04-13 11:56 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2017-04-13 11:56 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2017-04-13 11:52 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2017-04-12 15:40 - 2017-04-21 12:57 - 00001231 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
    2017-04-12 15:40 - 2017-04-21 12:57 - 00001231 _____ C:\ProgramData\Desktop\COMODO Firewall.lnk
    2017-04-12 15:40 - 2017-04-12 15:40 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
    2017-04-12 15:38 - 2017-04-12 15:38 - 00000000 ____D C:\Program Files\COMODO
    2017-04-12 15:37 - 2017-04-20 22:05 - 00000000 ____D C:\Program Files (x86)\COMODO
    2017-04-12 15:34 - 2017-04-20 22:05 - 00000000 ____D C:\ProgramData\Comodo
    2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Shared Space
    2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Comodo Downloader
    2017-04-12 13:43 - 2017-03-27 19:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-04-12 13:43 - 2017-03-27 18:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-04-12 13:43 - 2017-03-25 20:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-04-12 13:43 - 2017-03-25 20:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-04-12 13:43 - 2017-03-25 20:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-04-12 13:43 - 2017-03-25 19:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-04-12 13:43 - 2017-03-25 19:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-04-12 13:43 - 2017-03-25 19:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-04-12 13:43 - 2017-03-25 19:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-04-12 13:43 - 2017-03-25 19:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-04-12 13:43 - 2017-03-25 19:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-04-12 13:43 - 2017-03-25 19:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-04-12 13:43 - 2017-03-25 19:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-04-12 13:43 - 2017-03-25 19:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-04-12 13:43 - 2017-03-25 19:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-04-12 13:43 - 2017-03-25 19:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-04-12 13:43 - 2017-03-25 19:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-04-12 13:43 - 2017-03-25 19:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-04-12 13:43 - 2017-03-25 19:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-04-12 13:43 - 2017-03-25 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-04-12 13:43 - 2017-03-25 19:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-04-12 13:43 - 2017-03-25 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-04-12 13:43 - 2017-03-25 19:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-04-12 13:43 - 2017-03-25 19:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-04-12 13:43 - 2017-03-25 19:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-04-12 13:43 - 2017-03-25 19:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-04-12 13:43 - 2017-03-25 19:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-04-12 13:43 - 2017-03-25 18:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-04-12 13:43 - 2017-03-25 18:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-04-12 13:43 - 2017-03-25 18:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-04-12 13:43 - 2017-03-25 18:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-04-12 13:43 - 2017-03-25 18:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-04-12 13:43 - 2017-03-25 18:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-04-12 13:43 - 2017-03-25 18:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-04-12 13:43 - 2017-03-25 18:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-04-12 13:43 - 2017-03-25 18:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-04-12 13:43 - 2017-03-25 18:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-04-12 13:43 - 2017-03-25 18:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-04-12 13:43 - 2017-03-25 18:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-04-12 13:43 - 2017-03-25 18:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-04-12 13:43 - 2017-03-25 18:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-04-12 13:43 - 2017-03-25 18:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-04-12 13:43 - 2017-03-25 18:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-04-12 13:43 - 2017-03-25 18:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-04-12 13:43 - 2017-03-25 17:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-04-12 13:43 - 2017-03-25 17:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-04-12 13:43 - 2017-03-25 17:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-04-12 13:43 - 2017-03-25 17:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-04-12 13:43 - 2017-03-25 17:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-04-12 13:43 - 2017-03-25 17:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-04-12 13:43 - 2017-03-25 17:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-04-12 13:43 - 2017-03-25 17:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-04-12 13:43 - 2017-03-24 23:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-04-12 13:43 - 2017-03-24 23:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-04-12 13:43 - 2017-03-22 16:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-04-12 13:43 - 2017-03-22 16:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-04-12 13:43 - 2017-03-22 16:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-04-12 13:43 - 2017-03-22 16:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-04-12 13:43 - 2017-03-22 16:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-04-12 13:43 - 2017-03-22 16:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-04-12 13:43 - 2017-03-22 16:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-04-12 13:43 - 2017-03-22 16:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-04-12 13:43 - 2017-03-14 16:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-04-12 13:43 - 2017-03-14 16:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-04-12 13:43 - 2017-03-14 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-04-12 13:43 - 2017-03-10 17:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-04-12 13:43 - 2017-03-10 17:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-04-12 13:43 - 2017-03-10 17:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-04-12 13:43 - 2017-03-10 17:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-04-12 13:43 - 2017-03-10 17:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-04-12 13:43 - 2017-03-10 17:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-04-12 13:43 - 2017-03-10 17:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-04-12 13:43 - 2017-03-10 16:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-04-12 13:43 - 2017-03-08 21:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
    2017-04-12 13:43 - 2017-03-08 21:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2017-04-12 13:43 - 2017-03-08 05:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-04-12 13:43 - 2017-03-08 05:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-04-12 13:43 - 2017-03-08 05:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-04-12 13:43 - 2017-03-08 05:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-04-12 13:43 - 2017-03-08 05:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-04-12 13:43 - 2017-03-08 05:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-04-12 13:43 - 2017-03-08 05:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-04-12 13:43 - 2017-03-08 05:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-04-12 13:43 - 2017-03-08 05:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 05:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-04-12 13:43 - 2017-03-08 05:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-04-12 13:43 - 2017-03-08 05:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-04-12 13:43 - 2017-03-08 05:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-04-12 13:43 - 2017-03-08 05:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-04-12 13:43 - 2017-03-08 04:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-04-12 13:43 - 2017-03-08 04:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-04-12 13:43 - 2017-03-08 04:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-04-12 13:43 - 2017-03-08 04:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-04-12 13:43 - 2017-03-08 04:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-04-12 13:43 - 2017-03-08 04:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-04-12 13:43 - 2017-03-08 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-04-12 13:43 - 2017-03-08 04:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-04-12 13:43 - 2017-03-08 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-04-12 13:43 - 2017-03-08 04:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-08 04:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-04-12 13:43 - 2017-03-07 17:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-04-12 13:43 - 2017-03-07 17:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-04-12 13:43 - 2017-03-07 15:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-04-12 13:43 - 2017-03-04 02:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-04-12 13:43 - 2017-03-04 02:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
    2017-04-12 13:43 - 2017-03-04 02:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-04-12 13:43 - 2017-03-04 02:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
    2017-04-12 13:43 - 2017-02-14 17:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-04-12 13:43 - 2017-02-14 17:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-04-12 13:43 - 2017-02-11 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-04-12 13:43 - 2017-02-11 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-04-12 13:43 - 2017-02-09 17:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2017-04-12 13:43 - 2017-02-09 17:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2017-04-12 13:43 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2017-04-12 13:43 - 2016-03-23 23:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-04-12 13:43 - 2016-03-23 23:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-04-12 13:24 - 2017-04-12 13:24 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
    2017-04-12 13:16 - 2017-04-12 13:16 - 00000000 ____D C:\ProgramData\CheckPoint
    2017-04-12 13:03 - 2017-04-05 06:58 - 00365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2017-04-11 16:54 - 2017-04-11 16:54 - 00000000 ____D C:\Program Files (x86)\Realtek
    2017-04-06 23:23 - 2017-04-05 06:58 - 00230592 _____ (COMODO) C:\Windows\system32\cmdshim64.dll
    2017-04-06 23:23 - 2017-04-05 06:56 - 00194752 _____ (COMODO) C:\Windows\SysWOW64\cmdshim32.dll
    2017-04-05 07:01 - 2017-04-05 07:01 - 00732368 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
    2017-04-05 07:01 - 2017-04-05 07:01 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2017-04-05 07:00 - 2017-04-05 07:00 - 00941768 _____ (COMODO) C:\Windows\system32\guard64.dll
    2017-04-05 06:58 - 2017-04-05 06:58 - 00457408 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
    2017-04-05 06:56 - 2017-04-05 06:56 - 00363200 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
    2017-03-28 21:33 - 2017-03-28 21:33 - 00848736 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00119392 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00057504 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
    2017-03-28 21:33 - 2017-03-28 21:33 - 00031664 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-22 12:12 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-04-22 12:12 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-04-22 12:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-04-22 11:30 - 2014-05-13 12:01 - 00000000 ____D C:\Program Files (x86)\Google
    2017-04-21 12:53 - 2014-06-03 10:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-04-21 12:53 - 2014-06-03 10:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-21 12:53 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-04-21 12:53 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\system32\Macromed
    2017-04-21 12:53 - 2014-05-13 12:03 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
    2017-04-20 21:59 - 2014-06-02 19:40 - 00000000 ____D C:\Windows\pss
    2017-04-20 17:34 - 2014-05-13 12:10 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-04-20 14:59 - 2014-06-11 20:29 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
    2017-04-20 14:46 - 2015-08-02 16:53 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-04-20 14:22 - 2016-09-27 15:15 - 00000000 ____D C:\Program Files (x86)\Avira
    2017-04-20 14:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2017-04-20 14:11 - 2015-04-06 14:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
    2017-04-20 14:11 - 2015-04-06 14:48 - 00000000 ____D C:\ProgramData\Package Cache
    2017-04-20 14:11 - 2015-04-06 14:48 - 00000000 ____D C:\ProgramData\Avira
    2017-04-20 14:06 - 2015-07-19 15:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2017-04-20 13:33 - 2016-06-04 11:14 - 00000000 ____D C:\Users\user\Desktop\Movavi Video Converter
    2017-04-19 21:27 - 2014-06-02 19:23 - 00000000 ____D C:\ProgramData\TEMP
    2017-04-19 20:32 - 2016-03-27 15:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-04-19 00:09 - 2009-07-14 06:13 - 00908594 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-04-17 00:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2017-04-16 17:55 - 2014-07-06 15:32 - 00000000 ____D C:\Windows\ERDNT
    2017-04-16 15:15 - 2014-06-03 23:38 - 00000000 ____D C:\Users\user\Documents\Calibre Library
    2017-04-16 00:28 - 2015-02-01 20:16 - 00003209 _____ C:\Users\user\Desktop\owners club clickable links.txt
    2017-04-14 16:25 - 2016-06-01 20:13 - 00001084 _____ C:\Users\user\Desktop\coil harness connections.txt
    2017-04-14 11:39 - 2009-07-14 05:45 - 00321840 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-04-13 11:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Performance
    2017-04-12 19:32 - 2014-05-15 10:51 - 00892460 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-04-12 15:40 - 2014-06-02 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2017-04-12 15:31 - 2016-03-04 12:39 - 00000000 ____D C:\Users\user\Desktop\The Prisoner
    2017-04-12 15:31 - 2016-02-18 23:14 - 00000000 ____D C:\Users\user\Desktop\11-22-63
    2017-04-12 14:52 - 2014-05-13 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-04-12 14:48 - 2014-05-13 12:50 - 00000000 ____D C:\Windows\system32\MRT
    2017-04-12 14:40 - 2014-05-13 12:50 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-04-11 17:06 - 2014-06-02 16:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-04-11 17:06 - 2014-06-02 16:28 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-04-11 14:53 - 2015-07-25 16:54 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-04-11 14:52 - 2015-11-05 14:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-04 20:12 - 2014-07-19 12:33 - 00000000 ____D C:\Program Files\Recuva

    ==================== Files in the root of some directories =======

    2014-06-03 13:30 - 2014-06-03 13:30 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
    2014-06-03 13:30 - 2014-06-03 13:30 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
    2014-06-03 13:31 - 2014-06-03 13:31 - 0000074 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
    2014-06-03 13:31 - 2014-06-03 13:32 - 0001041 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
    2014-06-03 14:26 - 2017-02-24 17:15 - 0060416 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-06-09 18:59 - 2017-01-06 04:20 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
    2017-04-12 13:03 - 2017-04-05 06:58 - 0365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2014-06-02 17:04 - 2014-06-02 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-06-02 19:19 - 2014-06-02 19:19 - 0004104 _____ () C:\ProgramData\ojobkspa.ako

    Files to move or delete:
    ====================
    C:\ProgramData\cmdres.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-17 00:20

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2017
    Ran by user (22-04-2017 13:27:50)
    Running from C:\Users\user\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-05-13 10:46:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3226483179-4034785836-799415362-500 - Administrator - Disabled)
    Guest (S-1-5-21-3226483179-4034785836-799415362-501 - Limited - Disabled)
    user (S-1-5-21-3226483179-4034785836-799415362-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
    ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}) (Version: 3.0.255.407 - ArcSoft)
    ArcSoft TotalMedia HDCam (HKLM-x32\...\{7A1DE746-F5D0-4A21-943B-39A3F243C32A}) (Version: 2.0.2.49 - ArcSoft)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009608308.48.56.44502250 - Audible, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
    Barrow Hill (HKLM-x32\...\Barrow Hill) (Version:  - )
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    BitTorrent (HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\BitTorrent) (Version: 7.9.9.42607 - BitTorrent Inc.)
    calibre (HKLM-x32\...\{9AB9E32A-236E-4A1E-AE76-367C8798A338}) (Version: 2.74.0 - Kovid Goyal)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
    Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MG4200 series User Registration (HKLM-x32\...\Canon MG4200 series User Registration) (Version:  - Canon Inc.‎)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
    COMODO Firewall (Version: 10.0.1.6209 - COMODO Security Solutions Inc.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    [bleep] NFO Viewer 2.10.0031 RC3 (HKLM-x32\...\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}) (Version: 2.10.0031 - [bleep])
    Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
    Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
    ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
    Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
    Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
    MediaCoder x64 0.8.30.5620 (HKLM\...\MediaCoder x64) (Version: 0.8.30.5620 - Mediatronic)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0107.120 - Mio Technology)
    Movavi Video Converter 10 (HKLM-x32\...\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}) (Version: 10.02.002 - Movavi)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 46.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 46.0 (x64 en-GB)) (Version: 46.0 - Mozilla)
    Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 9 Essentials (HKLM-x32\...\{378ce143-1a66-4483-8a2f-2e11d3efbfd7}) (Version:  - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
    PlayFLV (HKLM-x32\...\PlayFLV) (Version:  - )
    Private Proxy (HKLM-x32\...\{26E8F025-1C39-4394-8252-F62CDD14C7FB}) (Version: 3.01 - Privacy Partners)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
    Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.6.4 - Shark007)
    Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Ulead GIF Animator 5 (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - Ulead System)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {044FF1CA-37E0-4B15-82B9-B2B1D9D20065} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {05F5439E-37A8-4F6D-AE29-C5D0D061ED5C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {11E698AC-DADF-4EEB-9C7F-1B8E94B8CFFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
    Task: {4DAFED21-0D75-41AF-8FC0-BE8491D3D996} - System32\Tasks\{E2AEF9EF-D5B1-4B36-8AC8-9F9E65F06D17} => pcalua.exe -a C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10\InstallFilter.exe -d C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10
    Task: {9E337AD6-7178-4A0E-95F4-874661D92D10} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-20] (AVAST Software)
    Task: {AA14A9F3-2FD9-43F9-8B2A-57060CF88CD1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-05] (COMODO)
    Task: {ABC2B4A9-962D-41EB-996D-F19C1BA4E1F0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
    Task: {B3A02422-06B1-47F1-9D42-0223D38B69FB} - System32\Tasks\SafeZone scheduled Autoupdate 1492696168 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
    Task: {B3A69E1D-9F53-4084-82DA-28230B656AFD} - System32\Tasks\Amazon Music Helper => C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe
    Task: {E9E17218-1E38-49F0-9708-80C91EAEFAC5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\user\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-04-05 06:57 - 2017-04-05 06:57 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
    2017-04-05 06:57 - 2017-04-05 06:57 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
    2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2017-04-22 12:17 - 2017-04-22 12:17 - 05917184 _____ () C:\Program Files\AVAST Software\Avast\defs\17042200\algo.dll
    2017-04-20 14:46 - 2017-04-20 14:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-04-20 14:45 - 2017-04-20 14:45 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlssrv32.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\umpnpmgr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\umpnpmgr.dll:$CmdZnID [26]
    AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\TEMP:1A15E356 [364]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:7C9E34A2 [123]
    AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [192]
    AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 [406]
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [312]
    AlternateDataStreams: C:\ProgramData\TEMP:DB2748F7 [132]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7867 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2017-04-22 13:26 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Amazon Music => "C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: IseUI => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{AAC05A9B-0391-4F29-A756-1112A160C9A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{5908E71C-9DE9-4EA1-A1C9-EFE70FA14DC1}] => (Allow) LPort=2869
    FirewallRules: [{E7A42576-E152-4567-B56E-32B4A7FBF7F8}] => (Allow) LPort=1900
    FirewallRules: [{0AA000F8-2737-4AA8-8820-98F8F9A27203}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{208F3C06-2352-4241-BB7D-BA5C4B2BAC71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{7DD8225E-325E-4E83-AFA0-EDAE2BF10B03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6196CCDF-1E05-4FFC-A7BC-94351A53A9EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{05A82E4D-5107-4507-9ECB-3E4E9C26B47F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{E74E063E-5349-4B2A-8DD1-3DBF11EF2C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{1934F01E-AB6A-4013-B6E9-1C7DBF552A7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7FBFEB9F-77D6-42E9-AB15-7ECC60BEA72B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{68E0D4DE-1D71-4310-800C-114BF3CB2DF4}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
    FirewallRules: [UDP Query User{8DFB8401-13ED-413A-9CCC-21FEE89522CE}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
    FirewallRules: [TCP Query User{EE746837-BFC8-4001-B5E0-3FB0AB8638BB}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
    FirewallRules: [UDP Query User{6DC74960-2CFA-4F1B-BA92-EDE77A830469}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
    FirewallRules: [TCP Query User{E3513280-A828-40D8-A1DC-6D845247140E}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{1995A1F4-CDD0-4FF5-AA26-46A4BA57E35F}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [TCP Query User{4575C643-5139-4198-B4A5-3793D5D5AC38}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [UDP Query User{92792CAC-D89D-4B61-B77D-543789E93FAD}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [{9891CE18-8161-4DCD-B513-63DFF86BFC4E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{E94F96F8-E2E6-458C-B249-2AFA15805432}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{7747B5E0-DC7A-4590-8029-BE73D4C89A18}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{8E18FF2D-E4EB-482D-95A2-FD3F65A93211}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{147AB450-66A7-46B4-8256-5360944F3066}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{FDF8781B-916B-43E5-9B95-19505063E69E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{ACFDBE38-D6CC-4B69-83E3-3772E923C867}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{47005BA6-1FED-4444-B6B9-BDD33340F299}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6329747A-09B6-405C-BABE-08748C24FABC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{F72C1F80-E318-4906-93D3-BCD0F0F98FD9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{7E93D640-6CF5-4945-A7FA-DBF5673387B0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{CA092A44-81AF-49AB-B46C-252C0E02AC3E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{22BC4865-15EA-438D-AA21-52F9D8AD0521}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
    FirewallRules: [{28F86F45-D0B0-4603-B124-7B6B06C0C565}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    20-04-2017 11:27:40 JRT Pre-Junkware Removal
    20-04-2017 14:13:18 Removed Diskeeper 2010 Pro Premier.

    ==================== Faulty Device Manager Devices =============

    Name: pcouffin device ...
    Description: pcouffin device ...
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    ==================== Memory info ===========================

    Processor: Intel® Core™2 CPU 6420 @ 2.13GHz
    Percentage of memory in use: 64%
    Total physical RAM: 3071.24 MB
    Available physical RAM: 1086.1 MB
    Total Virtual: 6140.67 MB
    Available Virtual: 4165.97 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:221.17 GB) (Free:107 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:64.67 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 612C6EEB)
    Partition 1: (Not Active) - (Size=11.7 GB) - (Type=17)
    Partition 2: (Active) - (Size=221.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
    Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    • 0

    #12
    RKinner


      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    Your log is showing a defective pcouffin device.  This is a driver installed by a program which is no longer on your PC.  It should have been removed but wasn't.

     

    If you search for device manager and hit Enter then View, Show Hidden Devices

     

    It will probably have a yellow flag.  Right click on it and Uninstall.  Reboot.

     

    Go back in and see if it came back.  If it did just right click on it and Disable it.

     

    Also you do not have the latest Java.  I see:

     

    Java 8 Update 31

     

    Should be Update 121

     

     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
     
    I think we can clean up now:
     
    Time to clean up:
     
    To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
     
    DeleteQuarantine:
     
    Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
     
    If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
     
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
     
    To prevent a relatively new phishing attack:  In Firefox, type:
    about:config
    in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in 
    puny
    You should only get one option:
    network.IDN_show_punycode
    We want it to say True but by default it is False so double click on it to toggle from False to True.
    Close and restart firefox.
     
    To test it you can go to:
     
     
    If the value is false you will see https://www.apple.com instead of the correct value
     
    If you are a Facebook user get the FB Purity extension for your browser:
    This will stop all of the suggested pages and ads so that Facebook loads much quicker.
     
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     

    Avast has some annoying habits.  You can minimize them:

     

     
    They have  started using their info popup to try and get you to upgrade so I go into Settings, General, Popups and change the first two to 1 second.
     
    I don't like their Browser Cleanup so I turn it off:
    Settings, Tools, Browser Cleanup (click on the white space to the right of On.)
     
     
    The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
     
     
    One great thing about Avast is their boot-time scan.  This loads before Windows is completely up so has a better chance of catching and removing malware.  Takes a long time so I usually let it run while I sleep:
     
     
    Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.
     
      Reboot and let it run a scan.  It may take hours.
    Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.
     
    When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
     
     
    (Only if you want to copy and paste the results into a reply.)

    • 0

    #13
    chrimajon

    chrimajon

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    Couldn't find 'tools' or 'browser cleanup' in Avast !

     

    Firefox seems to be lagging when opening webpages..is this due to the puny fix you suggested?

     

    Also, I'm not seeing a Java add-on in Firefox, even though I've updated to the latest version..

     

    I'm also still unable to see embedded Youtube videos on forum pages..all I see is a blank space where the video should be, and the message 'movie not loaded' when I right click, as shown..

    Attached Thumbnails

    • screen.jpg

    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    In Avast, Settings, Components.  Scroll down and you should find Browser Cleanup.  They keep changing it on me.

     

    Can you give me a link to the site that is not working?  (PM me if you want to keep it private)

     

    If you think the puny thing is causing problems, it's easy enough to toggle it and see if it hurts.  Otherwise disable all of your add-ons/extensions and see if things get better.  Then turn on half, restart FF and see if things slow down.  Each extension can cause a small slowdown in startup but some are worse than others.  Alternatively there's an extension that will tell you:

     

    https://www.howtogee...n-your-browser/


    • 0

    #15
    chrimajon

    chrimajon

      Member

    • Topic Starter
    • Member
    • PipPip
    • 23 posts

    This is the link - should open on the first page of the thread, and the very first post has an embedded video..

     

    http://www.rx8owners...php?f=6&t=73632


    • 0





