The make/model is an ASUS P5L 1394
Logs again as requested:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
Ran by user (administrator) on USER-PC (20-04-2017 15:05:06)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1476288 2017-04-05] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2015-02-07] (Oracle Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
HKLM-x32\...\Run: [SDTray] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-30] (COMODO)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2016-06-24] (CANON INC.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-02-02] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-08-02] (Safer-Networking Ltd.)
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Run: [Amazon Music] => "C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-06-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D9EA0BF2-75DF-48E6-8E2F-9643EB0324DC}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://trle.net/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/stg_drm.ocx
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/CLUE%20Classic/Images/armhelper.ocx
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default [2017-04-20]
FF Homepage: Mozilla\Firefox\Profiles\fogqhnk3.default -> hxxp://www.trle.net/
FF NetworkProxy: Mozilla\Firefox\Profiles\fogqhnk3.default -> type", 0
FF Extension: (Rotor Throbber) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-04-28]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-02-19]
FF Extension: (RAMBack) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2016-12-23]
FF Extension: (Status-4-Evar) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2017-01-14]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
FF Extension: (Video DownloadHelper) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-22] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-02] (Adobe Systems) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-20] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-20] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10508904 2017-04-05] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-05] (COMODO)
S2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-30] (COMODO)
S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2015-08-19] (Nalpeiron Ltd.) [File not signed]
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
R2 PlugPlay; C:\Windows\SysWOW64\umpnpmgr.dll [404480 2015-04-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S3 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S4 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-20] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-20] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-20] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-20] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-20] (AVAST Software)
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-03-28] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [848736 2017-03-28] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-03-28] (COMODO)
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [119392 2017-03-28] (COMODO)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-03-30] (COMODO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
U3 iswSvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-20 15:05 - 2017-04-20 15:08 - 00016099 _____ C:\Users\user\Desktop\FRST.txt
2017-04-20 15:04 - 2017-04-20 15:04 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-20 14:49 - 2017-04-20 14:49 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1492696168
2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-20 14:49 - 2017-04-20 14:49 - 00001050 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
2017-04-20 14:48 - 2017-04-20 14:48 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-20 14:47 - 2017-04-20 14:47 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2017-04-20 14:46 - 2017-04-20 15:06 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-20 14:46 - 2017-04-20 14:46 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-20 14:46 - 2017-04-20 14:46 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-20 14:46 - 2017-04-20 14:46 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-20 14:46 - 2017-04-20 14:46 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-20 14:46 - 2017-04-20 14:46 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-20 14:46 - 2017-04-20 14:46 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-20 14:46 - 2017-04-20 14:46 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-20 14:46 - 2017-04-20 14:46 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-20 14:46 - 2017-04-20 14:46 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-20 14:46 - 2017-04-20 14:46 - 00001929 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2017-04-20 14:46 - 2017-04-20 14:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-20 14:46 - 2017-04-20 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-20 14:46 - 2017-04-20 14:45 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-20 14:46 - 2017-04-20 14:45 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-20 14:46 - 2017-04-20 14:45 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-20 14:46 - 2017-04-20 14:45 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-20 14:46 - 2017-04-20 14:45 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-20 14:44 - 2017-04-20 14:48 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-20 14:19 - 2017-04-20 14:19 - 06293184 _____ (Piriform Ltd) C:\Users\user\Desktop\spsetup130.exe
2017-04-20 14:18 - 2017-04-20 14:18 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\Desktop\procexp.exe
2017-04-20 14:18 - 2017-04-20 14:18 - 00061440 _____ ( ) C:\Users\user\Desktop\VEW.exe
2017-04-20 11:38 - 2017-04-20 15:05 - 00000000 ____D C:\FRST
2017-04-20 11:37 - 2017-04-20 11:37 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-04-20 11:33 - 2017-04-20 11:33 - 00002319 _____ C:\Users\user\Desktop\JRT.txt
2017-04-20 11:18 - 2017-04-20 11:21 - 00000000 ____D C:\AdwCleaner
2017-04-19 22:35 - 2017-04-19 22:35 - 01663672 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
2017-04-19 22:30 - 2017-04-19 22:30 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner.exe
2017-04-19 15:49 - 2017-04-19 15:49 - 04922400 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
2017-04-19 15:47 - 2017-04-19 15:47 - 05659609 _____ (Swearware) C:\Users\user\Desktop\ComboFix.exe
2017-04-19 15:46 - 2017-04-19 15:46 - 09390672 _____ (Piriform Ltd) C:\Users\user\Desktop\ccsetup529.exe
2017-04-18 19:21 - 2017-04-18 19:23 - 00000000 ____D C:\Users\user\Desktop\New folder
2017-04-16 01:06 - 2017-04-19 16:29 - 00000819 _____ C:\Users\user\Desktop\stuff.txt
2017-04-13 13:28 - 2011-08-07 11:57 - 00000258 _____ C:\Windows\Restart_Explorer.bat
2017-04-13 13:25 - 2017-04-20 14:04 - 00000000 ____D C:\Users\user\Desktop\TO
2017-04-13 11:56 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-04-13 11:56 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-04-13 11:52 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-04-13 11:52 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-04-13 11:52 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-04-12 15:40 - 2017-04-20 13:33 - 00001231 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2017-04-12 15:40 - 2017-04-20 13:33 - 00001231 _____ C:\ProgramData\Desktop\COMODO Firewall.lnk
2017-04-12 15:40 - 2017-04-12 15:40 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2017-04-12 15:38 - 2017-04-12 15:38 - 00000000 ____D C:\Program Files\COMODO
2017-04-12 15:37 - 2017-04-12 15:37 - 00000000 ____D C:\Program Files (x86)\COMODO
2017-04-12 15:37 - 2017-03-30 04:10 - 00307960 _____ (COMODO) C:\Windows\system32\iseguard64.dll
2017-04-12 15:37 - 2017-03-30 04:10 - 00236792 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
2017-04-12 15:37 - 2017-03-30 04:10 - 00050856 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys
2017-04-12 15:34 - 2017-04-12 15:37 - 00000000 ____D C:\ProgramData\Comodo
2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Shared Space
2017-04-12 15:34 - 2017-04-12 15:34 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-04-12 13:43 - 2017-03-27 19:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 13:43 - 2017-03-27 18:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 13:43 - 2017-03-25 20:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 13:43 - 2017-03-25 20:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 13:43 - 2017-03-25 20:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 13:43 - 2017-03-25 19:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 13:43 - 2017-03-25 19:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 13:43 - 2017-03-25 19:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 13:43 - 2017-03-25 19:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 13:43 - 2017-03-25 19:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 13:43 - 2017-03-25 19:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 13:43 - 2017-03-25 19:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 13:43 - 2017-03-25 19:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 13:43 - 2017-03-25 19:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 13:43 - 2017-03-25 19:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 13:43 - 2017-03-25 19:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 13:43 - 2017-03-25 19:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 13:43 - 2017-03-25 19:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 13:43 - 2017-03-25 19:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 13:43 - 2017-03-25 19:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 13:43 - 2017-03-25 19:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 13:43 - 2017-03-25 19:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 13:43 - 2017-03-25 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 13:43 - 2017-03-25 19:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 13:43 - 2017-03-25 19:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 13:43 - 2017-03-25 19:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 13:43 - 2017-03-25 19:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 13:43 - 2017-03-25 19:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 13:43 - 2017-03-25 19:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 13:43 - 2017-03-25 19:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 13:43 - 2017-03-25 19:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 13:43 - 2017-03-25 19:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 13:43 - 2017-03-25 19:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 13:43 - 2017-03-25 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 13:43 - 2017-03-25 19:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 13:43 - 2017-03-25 19:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 13:43 - 2017-03-25 19:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 13:43 - 2017-03-25 19:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 13:43 - 2017-03-25 19:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 13:43 - 2017-03-25 18:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 13:43 - 2017-03-25 18:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 13:43 - 2017-03-25 18:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 13:43 - 2017-03-25 18:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 13:43 - 2017-03-25 18:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 13:43 - 2017-03-25 18:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 13:43 - 2017-03-25 18:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 13:43 - 2017-03-25 18:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 13:43 - 2017-03-25 18:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 13:43 - 2017-03-25 18:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 13:43 - 2017-03-25 18:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 13:43 - 2017-03-25 18:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 13:43 - 2017-03-25 18:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 13:43 - 2017-03-25 18:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 13:43 - 2017-03-25 18:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 13:43 - 2017-03-25 18:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 13:43 - 2017-03-25 18:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 13:43 - 2017-03-25 18:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 13:43 - 2017-03-25 18:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 13:43 - 2017-03-25 17:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 13:43 - 2017-03-25 17:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 13:43 - 2017-03-25 17:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 13:43 - 2017-03-25 17:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 13:43 - 2017-03-25 17:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 13:43 - 2017-03-25 17:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 13:43 - 2017-03-25 17:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 13:43 - 2017-03-25 17:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 13:43 - 2017-03-24 23:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 13:43 - 2017-03-24 23:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 13:43 - 2017-03-22 16:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 13:43 - 2017-03-22 16:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 13:43 - 2017-03-22 16:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 13:43 - 2017-03-22 16:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 13:43 - 2017-03-22 16:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 13:43 - 2017-03-22 16:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 13:43 - 2017-03-22 16:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 13:43 - 2017-03-22 16:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 13:43 - 2017-03-22 16:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 13:43 - 2017-03-22 16:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 13:43 - 2017-03-22 16:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 13:43 - 2017-03-22 16:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 13:43 - 2017-03-22 16:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 13:43 - 2017-03-22 16:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 13:43 - 2017-03-22 16:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 13:43 - 2017-03-14 16:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 13:43 - 2017-03-14 16:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 13:43 - 2017-03-14 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 13:43 - 2017-03-10 17:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 13:43 - 2017-03-10 17:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 13:43 - 2017-03-10 17:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 13:43 - 2017-03-10 17:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 13:43 - 2017-03-10 17:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 13:43 - 2017-03-10 17:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 13:43 - 2017-03-10 17:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 13:43 - 2017-03-10 17:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 13:43 - 2017-03-10 17:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 13:43 - 2017-03-10 17:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 13:43 - 2017-03-10 16:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 13:43 - 2017-03-08 21:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 13:43 - 2017-03-08 21:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 13:43 - 2017-03-08 05:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 13:43 - 2017-03-08 05:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 13:43 - 2017-03-08 05:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 13:43 - 2017-03-08 05:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 13:43 - 2017-03-08 05:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 13:43 - 2017-03-08 05:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 13:43 - 2017-03-08 05:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 13:43 - 2017-03-08 05:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 13:43 - 2017-03-08 05:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 05:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 13:43 - 2017-03-08 05:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 13:43 - 2017-03-08 05:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 13:43 - 2017-03-08 05:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 13:43 - 2017-03-08 05:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 13:43 - 2017-03-08 04:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 13:43 - 2017-03-08 04:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 13:43 - 2017-03-08 04:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 13:43 - 2017-03-08 04:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 13:43 - 2017-03-08 04:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 13:43 - 2017-03-08 04:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 13:43 - 2017-03-08 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 13:43 - 2017-03-08 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 13:43 - 2017-03-08 04:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 13:43 - 2017-03-08 04:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 13:43 - 2017-03-08 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 13:43 - 2017-03-08 04:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 13:43 - 2017-03-08 04:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 04:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 04:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 13:43 - 2017-03-08 04:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 13:43 - 2017-03-07 17:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 13:43 - 2017-03-07 17:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 13:43 - 2017-03-07 15:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 13:43 - 2017-03-04 02:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 13:43 - 2017-03-04 02:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 13:43 - 2017-03-04 02:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 13:43 - 2017-03-04 02:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 13:43 - 2017-02-14 17:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 13:43 - 2017-02-14 17:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 13:43 - 2017-02-11 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 13:43 - 2017-02-11 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 13:43 - 2017-02-09 17:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 13:43 - 2017-02-09 17:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 13:43 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 13:43 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 13:43 - 2016-03-23 23:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 13:43 - 2016-03-23 23:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-12 13:24 - 2017-04-12 13:24 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2017-04-12 13:16 - 2017-04-12 13:16 - 00000000 ____D C:\ProgramData\CheckPoint
2017-04-12 13:03 - 2017-04-05 06:58 - 00365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-04-12 12:58 - 2017-04-12 12:58 - 05363680 _____ (COMODO) C:\Users\user\Downloads\cmd_fw_installer_6113_c7.exe
2017-04-11 16:54 - 2017-04-11 16:54 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-04-06 23:23 - 2017-04-05 06:58 - 00230592 _____ (COMODO) C:\Windows\system32\cmdshim64.dll
2017-04-06 23:23 - 2017-04-05 06:56 - 00194752 _____ (COMODO) C:\Windows\SysWOW64\cmdshim32.dll
2017-04-05 07:01 - 2017-04-05 07:01 - 00732368 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2017-04-05 07:01 - 2017-04-05 07:01 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2017-04-05 07:00 - 2017-04-05 07:00 - 00941768 _____ (COMODO) C:\Windows\system32\guard64.dll
2017-04-05 06:58 - 2017-04-05 06:58 - 00457408 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2017-04-05 06:56 - 2017-04-05 06:56 - 00363200 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2017-03-28 21:33 - 2017-03-28 21:33 - 00848736 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2017-03-28 21:33 - 2017-03-28 21:33 - 00119392 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2017-03-28 21:33 - 2017-03-28 21:33 - 00057504 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2017-03-28 21:33 - 2017-03-28 21:33 - 00031664 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-20 15:05 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-20 15:05 - 2009-07-14 05:45 - 00022800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-20 14:59 - 2014-06-11 20:29 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-04-20 14:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-20 14:54 - 2014-06-02 19:40 - 00000000 ____D C:\Windows\pss
2017-04-20 14:48 - 2014-05-13 12:10 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-20 14:46 - 2015-08-02 16:53 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-20 14:22 - 2016-09-27 15:15 - 00000000 ____D C:\Program Files (x86)\Avira
2017-04-20 14:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-04-20 14:11 - 2015-04-06 14:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2017-04-20 14:11 - 2015-04-06 14:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-20 14:11 - 2015-04-06 14:48 - 00000000 ____D C:\ProgramData\Avira
2017-04-20 14:06 - 2015-07-19 15:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-20 13:33 - 2016-06-04 11:14 - 00000000 ____D C:\Users\user\Desktop\Movavi Video Converter
2017-04-19 21:27 - 2014-06-02 19:23 - 00000000 ____D C:\ProgramData\TEMP
2017-04-19 20:32 - 2016-03-27 15:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-19 00:09 - 2009-07-14 06:13 - 00908594 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-17 00:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-04-16 17:55 - 2014-07-06 15:32 - 00000000 ____D C:\Windows\ERDNT
2017-04-16 15:15 - 2014-06-03 23:38 - 00000000 ____D C:\Users\user\Documents\Calibre Library
2017-04-16 00:28 - 2015-02-01 20:16 - 00003209 _____ C:\Users\user\Desktop\owners club clickable links.txt
2017-04-14 16:25 - 2016-06-01 20:13 - 00001084 _____ C:\Users\user\Desktop\coil harness connections.txt
2017-04-14 11:39 - 2009-07-14 05:45 - 00321840 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-13 11:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Performance
2017-04-12 19:32 - 2014-05-15 10:51 - 00892460 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 15:40 - 2014-06-02 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-04-12 15:31 - 2016-03-04 12:39 - 00000000 ____D C:\Users\user\Desktop\The Prisoner
2017-04-12 15:31 - 2016-02-18 23:14 - 00000000 ____D C:\Users\user\Desktop\11-22-63
2017-04-12 14:52 - 2014-05-13 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 14:49 - 2014-05-13 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-12 14:48 - 2014-05-13 12:50 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 14:40 - 2014-05-13 12:50 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-11 17:06 - 2014-06-02 16:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-11 17:06 - 2014-06-02 16:28 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-04-11 14:53 - 2015-07-25 16:54 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-11 14:52 - 2015-11-05 14:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-04 20:12 - 2014-07-19 12:33 - 00000000 ____D C:\Program Files\Recuva
2017-03-22 14:35 - 2014-06-03 10:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-22 14:35 - 2014-06-03 10:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-22 14:35 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-22 14:35 - 2014-06-03 10:40 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-22 14:35 - 2014-05-13 12:03 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
==================== Files in the root of some directories =======
2014-06-03 13:30 - 2014-06-03 13:30 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-06-03 13:30 - 2014-06-03 13:30 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
2014-06-03 13:31 - 2014-06-03 13:31 - 0000074 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-06-03 13:31 - 2014-06-03 13:32 - 0001041 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
2014-06-03 14:26 - 2017-02-24 17:15 - 0060416 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-09 18:59 - 2017-01-06 04:20 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-04-12 13:03 - 2017-04-05 06:58 - 0365248 _____ (COMODO) C:\ProgramData\cmdres.dll
2014-06-02 17:04 - 2014-06-02 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-02 19:19 - 2014-06-02 19:19 - 0004104 _____ () C:\ProgramData\ojobkspa.ako
Files to move or delete:
====================
C:\ProgramData\cmdres.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-17 00:20
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
Ran by user (20-04-2017 15:09:17)
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-13 10:46:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3226483179-4034785836-799415362-500 - Administrator - Disabled)
Guest (S-1-5-21-3226483179-4034785836-799415362-501 - Limited - Disabled)
user (S-1-5-21-3226483179-4034785836-799415362-1000 - Administrator - Enabled) => C:\Users\user
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}) (Version: 3.0.255.407 - ArcSoft)
ArcSoft TotalMedia HDCam (HKLM-x32\...\{7A1DE746-F5D0-4A21-943B-39A3F243C32A}) (Version: 2.0.2.49 - ArcSoft)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009608308.48.56.44502250 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Barrow Hill (HKLM-x32\...\Barrow Hill) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BitTorrent (HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\BitTorrent) (Version: 7.9.9.42607 - BitTorrent Inc.)
calibre (HKLM-x32\...\{9AB9E32A-236E-4A1E-AE76-367C8798A338}) (Version: 2.74.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG4200 series User Registration (HKLM-x32\...\Canon MG4200 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
COMODO Firewall (Version: 10.0.1.6209 - COMODO Security Solutions Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
[bleep] NFO Viewer 2.10.0031 RC3 (HKLM-x32\...\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}) (Version: 2.10.0031 - [bleep])
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version: - )
ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version: - )
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
MediaCoder x64 0.8.30.5620 (HKLM\...\MediaCoder x64) (Version: 0.8.30.5620 - Mediatronic)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0107.120 - Mio Technology)
Movavi Video Converter 10 (HKLM-x32\...\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}) (Version: 10.02.002 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 46.0 (x64 en-GB)) (Version: 46.0 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{378ce143-1a66-4483-8a2f-2e11d3efbfd7}) (Version: - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
PlayFLV (HKLM-x32\...\PlayFLV) (Version: - )
Private Proxy (HKLM-x32\...\{26E8F025-1C39-4394-8252-F62CDD14C7FB}) (Version: 3.01 - Privacy Partners)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.6.4 - Shark007)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ulead GIF Animator 5 (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - Ulead System)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {044FF1CA-37E0-4B15-82B9-B2B1D9D20065} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
Task: {05F5439E-37A8-4F6D-AE29-C5D0D061ED5C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
Task: {11E698AC-DADF-4EEB-9C7F-1B8E94B8CFFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {4DAFED21-0D75-41AF-8FC0-BE8491D3D996} - System32\Tasks\{E2AEF9EF-D5B1-4B36-8AC8-9F9E65F06D17} => pcalua.exe -a C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10\InstallFilter.exe -d C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10
Task: {9E337AD6-7178-4A0E-95F4-874661D92D10} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-20] (AVAST Software)
Task: {AA14A9F3-2FD9-43F9-8B2A-57060CF88CD1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-05] (COMODO)
Task: {ABC2B4A9-962D-41EB-996D-F19C1BA4E1F0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-05] (COMODO)
Task: {B3A02422-06B1-47F1-9D42-0223D38B69FB} - System32\Tasks\SafeZone scheduled Autoupdate 1492696168 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {B3A69E1D-9F53-4084-82DA-28230B656AFD} - System32\Tasks\Amazon Music Helper => C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe
Task: {E9E17218-1E38-49F0-9708-80C91EAEFAC5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\user\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
==================== Loaded Modules (Whitelisted) ==============
2017-04-05 06:57 - 2017-04-05 06:57 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-04-05 06:57 - 2017-04-05 06:57 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-04-20 14:45 - 2017-04-20 14:45 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-04-20 14:45 - 2017-04-20 14:45 - 00790544 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-04-20 14:45 - 2017-04-20 14:45 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-04-20 14:45 - 2017-04-20 14:45 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-20 14:45 - 2017-04-20 14:45 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-20 14:48 - 2017-04-20 14:48 - 06021752 _____ () C:\Program Files\AVAST Software\Avast\defs\17042000\algo.dll
2017-04-20 14:45 - 2017-04-20 14:45 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-20 14:45 - 2017-04-20 14:45 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-04-20 15:04 - 2017-04-20 15:04 - 05917184 _____ () C:\Program Files\AVAST Software\Avast\defs\17042006\algo.dll
2017-04-20 14:46 - 2017-04-20 14:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-20 14:45 - 2017-04-20 14:45 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\unins000.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC_B9C.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC_B9I.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC_B9L.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNMLMB9.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\HPZ3LLHN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNC_B9L.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNC_B9U.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNHMCA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlssrv32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\umpnpmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\umpnpmgr.dll:$CmdZnID [26]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:1A15E356 [364]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:7C9E34A2 [123]
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [192]
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 [406]
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [312]
AlternateDataStreams: C:\ProgramData\TEMP:DB2748F7 [132]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more sites.
IE trusted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\vizzed.com -> www.vizzed.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\123simsen.com -> www.123simsen.com
There are 7865 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-28 15:54 - 00450771 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15463 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{AAC05A9B-0391-4F29-A756-1112A160C9A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5908E71C-9DE9-4EA1-A1C9-EFE70FA14DC1}] => (Allow) LPort=2869
FirewallRules: [{E7A42576-E152-4567-B56E-32B4A7FBF7F8}] => (Allow) LPort=1900
FirewallRules: [{0AA000F8-2737-4AA8-8820-98F8F9A27203}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{208F3C06-2352-4241-BB7D-BA5C4B2BAC71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7DD8225E-325E-4E83-AFA0-EDAE2BF10B03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6196CCDF-1E05-4FFC-A7BC-94351A53A9EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{05A82E4D-5107-4507-9ECB-3E4E9C26B47F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{E74E063E-5349-4B2A-8DD1-3DBF11EF2C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
FirewallRules: [{1934F01E-AB6A-4013-B6E9-1C7DBF552A7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7FBFEB9F-77D6-42E9-AB15-7ECC60BEA72B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{68E0D4DE-1D71-4310-800C-114BF3CB2DF4}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
FirewallRules: [UDP Query User{8DFB8401-13ED-413A-9CCC-21FEE89522CE}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
FirewallRules: [TCP Query User{EE746837-BFC8-4001-B5E0-3FB0AB8638BB}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
FirewallRules: [UDP Query User{6DC74960-2CFA-4F1B-BA92-EDE77A830469}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41373.exe
FirewallRules: [TCP Query User{E3513280-A828-40D8-A1DC-6D845247140E}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{1995A1F4-CDD0-4FF5-AA26-46A4BA57E35F}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{4575C643-5139-4198-B4A5-3793D5D5AC38}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [UDP Query User{92792CAC-D89D-4B61-B77D-543789E93FAD}C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\user\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [{9891CE18-8161-4DCD-B513-63DFF86BFC4E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E94F96F8-E2E6-458C-B249-2AFA15805432}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7747B5E0-DC7A-4590-8029-BE73D4C89A18}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8E18FF2D-E4EB-482D-95A2-FD3F65A93211}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{147AB450-66A7-46B4-8256-5360944F3066}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FDF8781B-916B-43E5-9B95-19505063E69E}] => (Allow) C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ACFDBE38-D6CC-4B69-83E3-3772E923C867}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{47005BA6-1FED-4444-B6B9-BDD33340F299}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6329747A-09B6-405C-BABE-08748C24FABC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F72C1F80-E318-4906-93D3-BCD0F0F98FD9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{7E93D640-6CF5-4945-A7FA-DBF5673387B0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CA092A44-81AF-49AB-B46C-252C0E02AC3E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{22BC4865-15EA-438D-AA21-52F9D8AD0521}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
20-04-2017 11:27:40 JRT Pre-Junkware Removal
20-04-2017 14:13:18 Removed Diskeeper 2010 Pro Premier.
==================== Faulty Device Manager Devices =============
Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/20/2017 02:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.0.0.0, time stamp: 0x4f7a7000
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0x9d8
Faulting application start time: 0x01d2b9de39ea2825
Faulting application path: C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
Faulting module path: C:\Program Files (x86)\Canon\Quick Menu\CNMDWLD.DLL
Report Id: 80ab26cc-25d1-11e7-bb7b-001bfc6fe062
Error: (04/20/2017 02:13:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
System Error:
The system cannot find the file specified.
.
Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored.
Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.
Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored.
Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored.
Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored.
Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. The query will be ignored.
Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. The query will be ignored.
Error: (04/12/2017 03:40:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisEvent" whose target class "CisEvent" in //./root/cis namespace does not exist. The query will be ignored.
System errors:
=============
Error: (04/20/2017 02:59:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/20/2017 02:59:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The isesrv service terminated unexpectedly. It has done this 1 time(s).
Error: (04/20/2017 02:59:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/20/2017 02:50:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/20/2017 02:50:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The isesrv service terminated unexpectedly. It has done this 1 time(s).
Error: (04/20/2017 02:50:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/20/2017 01:32:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/20/2017 01:10:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/20/2017 01:10:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/20/2017 01:10:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
CodeIntegrity:
===================================
Date: 2017-04-20 14:57:13.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:57:13.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:50:37.860
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:50:37.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:23:26.282
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:23:26.142
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:21:40.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:21:39.885
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:04:52.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-20 14:04:52.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 61%
Total physical RAM: 3071.24 MB
Available physical RAM: 1177.65 MB
Total Virtual: 6140.67 MB
Available Virtual: 4141.82 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:221.17 GB) (Free:109.22 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:64.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 612C6EEB)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=17)
Partition 2: (Active) - (Size=221.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
2017-04-20 15:23:14, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:14, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:16, Info CSI 0000000c [SR] Verify complete
2017-04-20 15:23:17, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:17, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:19, Info CSI 00000010 [SR] Verify complete
2017-04-20 15:23:21, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:21, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:23, Info CSI 00000014 [SR] Verify complete
2017-04-20 15:23:25, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:25, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:28, Info CSI 00000018 [SR] Verify complete
2017-04-20 15:23:29, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:29, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:32, Info CSI 0000001c [SR] Verify complete
2017-04-20 15:23:34, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:34, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:36, Info CSI 00000020 [SR] Verify complete
2017-04-20 15:23:37, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:37, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:39, Info CSI 00000024 [SR] Verify complete
2017-04-20 15:23:41, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:41, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:43, Info CSI 00000028 [SR] Verify complete
2017-04-20 15:23:44, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:44, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:46, Info CSI 0000002c [SR] Verify complete
2017-04-20 15:23:48, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:48, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:51, Info CSI 00000030 [SR] Verify complete
2017-04-20 15:23:52, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:52, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:54, Info CSI 00000034 [SR] Verify complete
2017-04-20 15:23:56, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:56, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2017-04-20 15:23:57, Info CSI 00000038 [SR] Verify complete
2017-04-20 15:23:59, Info CSI 00000039 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:23:59, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:02, Info CSI 0000003c [SR] Verify complete
2017-04-20 15:24:04, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:04, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:06, Info CSI 00000040 [SR] Verify complete
2017-04-20 15:24:07, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:07, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:08, Info CSI 00000044 [SR] Verify complete
2017-04-20 15:24:10, Info CSI 00000045 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:10, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:11, Info CSI 00000048 [SR] Verify complete
2017-04-20 15:24:12, Info CSI 00000049 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:12, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:14, Info CSI 0000004c [SR] Verify complete
2017-04-20 15:24:16, Info CSI 0000004d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:16, Info CSI 0000004e [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:17, Info CSI 00000050 [SR] Verify complete
2017-04-20 15:24:18, Info CSI 00000051 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:18, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:20, Info CSI 00000054 [SR] Verify complete
2017-04-20 15:24:22, Info CSI 00000055 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:22, Info CSI 00000056 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:23, Info CSI 00000058 [SR] Verify complete
2017-04-20 15:24:24, Info CSI 00000059 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:24, Info CSI 0000005a [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:26, Info CSI 0000005c [SR] Verify complete
2017-04-20 15:24:27, Info CSI 0000005d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:27, Info CSI 0000005e [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:29, Info CSI 00000060 [SR] Verify complete
2017-04-20 15:24:30, Info CSI 00000061 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:30, Info CSI 00000062 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:32, Info CSI 00000064 [SR] Verify complete
2017-04-20 15:24:33, Info CSI 00000065 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:33, Info CSI 00000066 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:35, Info CSI 00000068 [SR] Verify complete
2017-04-20 15:24:36, Info CSI 00000069 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:36, Info CSI 0000006a [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:38, Info CSI 0000006c [SR] Verify complete
2017-04-20 15:24:39, Info CSI 0000006d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:39, Info CSI 0000006e [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:41, Info CSI 00000070 [SR] Verify complete
2017-04-20 15:24:42, Info CSI 00000071 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:42, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:43, Info CSI 00000074 [SR] Verify complete
2017-04-20 15:24:44, Info CSI 00000075 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:44, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:46, Info CSI 00000078 [SR] Verify complete
2017-04-20 15:24:48, Info CSI 00000079 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:48, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:53, Info CSI 0000007c [SR] Verify complete
2017-04-20 15:24:54, Info CSI 0000007d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:54, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:56, Info CSI 00000080 [SR] Verify complete
2017-04-20 15:24:57, Info CSI 00000081 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:24:57, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2017-04-20 15:24:59, Info CSI 00000084 [SR] Verify complete
2017-04-20 15:25:00, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:00, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:03, Info CSI 00000088 [SR] Verify complete
2017-04-20 15:25:04, Info CSI 00000089 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:04, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:05, Info CSI 0000008c [SR] Verify complete
2017-04-20 15:25:06, Info CSI 0000008d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:06, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:08, Info CSI 00000090 [SR] Verify complete
2017-04-20 15:25:09, Info CSI 00000091 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:09, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:12, Info CSI 00000094 [SR] Verify complete
2017-04-20 15:25:13, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:13, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:14, Info CSI 00000098 [SR] Verify complete
2017-04-20 15:25:15, Info CSI 00000099 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:15, Info CSI 0000009a [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:19, Info CSI 0000009c [SR] Verify complete
2017-04-20 15:25:20, Info CSI 0000009d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:20, Info CSI 0000009e [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:21, Info CSI 000000a0 [SR] Verify complete
2017-04-20 15:25:22, Info CSI 000000a1 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:22, Info CSI 000000a2 [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:24, Info CSI 000000a4 [SR] Verify complete
2017-04-20 15:25:25, Info CSI 000000a5 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:25, Info CSI 000000a6 [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:27, Info CSI 000000a8 [SR] Verify complete
2017-04-20 15:25:28, Info CSI 000000a9 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:28, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:30, Info CSI 000000ac [SR] Verify complete
2017-04-20 15:25:31, Info CSI 000000ad [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:31, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:33, Info CSI 000000b0 [SR] Verify complete
2017-04-20 15:25:34, Info CSI 000000b1 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:34, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:39, Info CSI 000000b4 [SR] Verify complete
2017-04-20 15:25:39, Info CSI 000000b5 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:39, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:45, Info CSI 000000b8 [SR] Verify complete
2017-04-20 15:25:46, Info CSI 000000b9 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:46, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:50, Info CSI 000000bc [SR] Verify complete
2017-04-20 15:25:51, Info CSI 000000bd [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:51, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2017-04-20 15:25:58, Info CSI 000000c0 [SR] Verify complete
2017-04-20 15:25:59, Info CSI 000000c1 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:25:59, Info CSI 000000c2 [SR] Beginning Verify and Repair transaction
2017-04-20 15:26:10, Info CSI 000000c5 [SR] Verify complete
2017-04-20 15:26:11, Info CSI 000000c6 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:26:11, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2017-04-20 15:26:19, Info CSI 000000cc [SR] Verify complete
2017-04-20 15:26:22, Info CSI 000000cd [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:26:22, Info CSI 000000ce [SR] Beginning Verify and Repair transaction
2017-04-20 15:26:32, Info CSI 000000d1 [SR] Verify complete
2017-04-20 15:26:33, Info CSI 000000d2 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:26:33, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2017-04-20 15:26:40, Info CSI 000000d5 [SR] Verify complete
2017-04-20 15:26:41, Info CSI 000000d6 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:26:41, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2017-04-20 15:26:54, Info CSI 000000f6 [SR] Verify complete
2017-04-20 15:26:56, Info CSI 000000f7 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:26:56, Info CSI 000000f8 [SR] Beginning Verify and Repair transaction
2017-04-20 15:27:05, Info CSI 00000100 [SR] Verify complete
2017-04-20 15:27:06, Info CSI 00000101 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:27:06, Info CSI 00000102 [SR] Beginning Verify and Repair transaction
2017-04-20 15:27:14, Info CSI 00000104 [SR] Verify complete
2017-04-20 15:27:16, Info CSI 00000105 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:27:16, Info CSI 00000106 [SR] Beginning Verify and Repair transaction
2017-04-20 15:27:37, Info CSI 00000108 [SR] Verify complete
2017-04-20 15:27:38, Info CSI 00000109 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:27:38, Info CSI 0000010a [SR] Beginning Verify and Repair transaction
2017-04-20 15:27:49, Info CSI 0000010c [SR] Verify complete
2017-04-20 15:27:49, Info CSI 0000010d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:27:49, Info CSI 0000010e [SR] Beginning Verify and Repair transaction
2017-04-20 15:28:04, Info CSI 00000110 [SR] Verify complete
2017-04-20 15:28:05, Info CSI 00000111 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:28:05, Info CSI 00000112 [SR] Beginning Verify and Repair transaction
2017-04-20 15:28:17, Info CSI 00000114 [SR] Verify complete
2017-04-20 15:28:18, Info CSI 00000115 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:28:18, Info CSI 00000116 [SR] Beginning Verify and Repair transaction
2017-04-20 15:28:37, Info CSI 00000139 [SR] Verify complete
2017-04-20 15:28:38, Info CSI 0000013a [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:28:38, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2017-04-20 15:28:49, Info CSI 0000013d [SR] Verify complete
2017-04-20 15:28:50, Info CSI 0000013e [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:28:50, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2017-04-20 15:29:08, Info CSI 00000141 [SR] Verify complete
2017-04-20 15:29:09, Info CSI 00000142 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:29:09, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2017-04-20 15:29:23, Info CSI 00000147 [SR] Verify complete
2017-04-20 15:29:23, Info CSI 00000148 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:29:23, Info CSI 00000149 [SR] Beginning Verify and Repair transaction
2017-04-20 15:29:29, Info CSI 0000014b [SR] Verify complete
2017-04-20 15:29:31, Info CSI 0000014c [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:29:31, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2017-04-20 15:29:34, Info CSI 0000014f [SR] Verify complete
2017-04-20 15:29:34, Info CSI 00000150 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:29:34, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2017-04-20 15:29:43, Info CSI 00000153 [SR] Verify complete
2017-04-20 15:29:44, Info CSI 00000154 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:29:44, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2017-04-20 15:29:55, Info CSI 00000168 [SR] Verify complete
2017-04-20 15:29:55, Info CSI 00000169 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:29:55, Info CSI 0000016a [SR] Beginning Verify and Repair transaction
2017-04-20 15:29:59, Info CSI 0000016c [SR] Verify complete
2017-04-20 15:29:59, Info CSI 0000016d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:29:59, Info CSI 0000016e [SR] Beginning Verify and Repair transaction
2017-04-20 15:30:05, Info CSI 00000170 [SR] Verify complete
2017-04-20 15:30:06, Info CSI 00000171 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:30:06, Info CSI 00000172 [SR] Beginning Verify and Repair transaction
2017-04-20 15:30:11, Info CSI 00000174 [SR] Verify complete
2017-04-20 15:30:12, Info CSI 00000175 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:30:12, Info CSI 00000176 [SR] Beginning Verify and Repair transaction
2017-04-20 15:30:38, Info CSI 00000179 [SR] Verify complete
2017-04-20 15:30:45, Info CSI 0000017a [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:30:45, Info CSI 0000017b [SR] Beginning Verify and Repair transaction
2017-04-20 15:31:32, Info CSI 0000017e [SR] Verify complete
2017-04-20 15:31:34, Info CSI 0000017f [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:31:34, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2017-04-20 15:31:43, Info CSI 00000182 [SR] Verify complete
2017-04-20 15:31:44, Info CSI 00000183 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:31:44, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2017-04-20 15:31:48, Info CSI 00000186 [SR] Verify complete
2017-04-20 15:31:49, Info CSI 00000187 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:31:49, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2017-04-20 15:32:00, Info CSI 0000018a [SR] Verify complete
2017-04-20 15:32:01, Info CSI 0000018b [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:32:01, Info CSI 0000018c [SR] Beginning Verify and Repair transaction
2017-04-20 15:32:13, Info CSI 0000018e [SR] Verify complete
2017-04-20 15:32:13, Info CSI 0000018f [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:32:13, Info CSI 00000190 [SR] Beginning Verify and Repair transaction
2017-04-20 15:32:34, Info CSI 00000192 [SR] Verify complete
2017-04-20 15:32:35, Info CSI 00000193 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:32:35, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2017-04-20 15:32:49, Info CSI 000001ac [SR] Verify complete
2017-04-20 15:32:50, Info CSI 000001ad [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:32:50, Info CSI 000001ae [SR] Beginning Verify and Repair transaction
2017-04-20 15:32:59, Info CSI 000001b0 [SR] Verify complete
2017-04-20 15:32:59, Info CSI 000001b1 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:32:59, Info CSI 000001b2 [SR] Beginning Verify and Repair transaction
2017-04-20 15:33:24, Info CSI 000001b4 [SR] Verify complete
2017-04-20 15:33:24, Info CSI 000001b5 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:33:24, Info CSI 000001b6 [SR] Beginning Verify and Repair transaction
2017-04-20 15:33:40, Info CSI 000001b9 [SR] Verify complete
2017-04-20 15:33:41, Info CSI 000001ba [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:33:41, Info CSI 000001bb [SR] Beginning Verify and Repair transaction
2017-04-20 15:33:52, Info CSI 000001bd [SR] Verify complete
2017-04-20 15:33:53, Info CSI 000001be [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:33:53, Info CSI 000001bf [SR] Beginning Verify and Repair transaction
2017-04-20 15:34:00, Info CSI 000001c1 [SR] Verify complete
2017-04-20 15:34:00, Info CSI 000001c2 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:34:00, Info CSI 000001c3 [SR] Beginning Verify and Repair transaction
2017-04-20 15:34:09, Info CSI 000001c5 [SR] Verify complete
2017-04-20 15:34:10, Info CSI 000001c6 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:34:10, Info CSI 000001c7 [SR] Beginning Verify and Repair transaction
2017-04-20 15:34:16, Info CSI 000001cb [SR] Verify complete
2017-04-20 15:34:17, Info CSI 000001cc [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:34:17, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2017-04-20 15:34:24, Info CSI 000001cf [SR] Verify complete
2017-04-20 15:34:24, Info CSI 000001d0 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:34:24, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2017-04-20 15:34:45, Info CSI 000001d3 [SR] Verify complete
2017-04-20 15:34:46, Info CSI 000001d4 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:34:46, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2017-04-20 15:34:57, Info CSI 000001d8 [SR] Verify complete
2017-04-20 15:34:58, Info CSI 000001d9 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:34:58, Info CSI 000001da [SR] Beginning Verify and Repair transaction
2017-04-20 15:35:06, Info CSI 000001dd [SR] Verify complete
2017-04-20 15:35:06, Info CSI 000001de [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:35:06, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2017-04-20 15:35:14, Info CSI 000001e1 [SR] Verify complete
2017-04-20 15:35:15, Info CSI 000001e2 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:35:15, Info CSI 000001e3 [SR] Beginning Verify and Repair transaction
2017-04-20 15:35:28, Info CSI 000001e6 [SR] Verify complete
2017-04-20 15:35:28, Info CSI 000001e7 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:35:28, Info CSI 000001e8 [SR] Beginning Verify and Repair transaction
2017-04-20 15:35:35, Info CSI 000001ea [SR] Verify complete
2017-04-20 15:35:36, Info CSI 000001eb [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:35:36, Info CSI 000001ec [SR] Beginning Verify and Repair transaction
2017-04-20 15:35:44, Info CSI 000001ee [SR] Verify complete
2017-04-20 15:35:44, Info CSI 000001ef [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:35:44, Info CSI 000001f0 [SR] Beginning Verify and Repair transaction
2017-04-20 15:35:51, Info CSI 000001f2 [SR] Verify complete
2017-04-20 15:35:52, Info CSI 000001f3 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:35:52, Info CSI 000001f4 [SR] Beginning Verify and Repair transaction
2017-04-20 15:36:00, Info CSI 000001f7 [SR] Verify complete
2017-04-20 15:36:00, Info CSI 000001f8 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:36:00, Info CSI 000001f9 [SR] Beginning Verify and Repair transaction
2017-04-20 15:36:06, Info CSI 000001fc [SR] Verify complete
2017-04-20 15:36:07, Info CSI 000001fd [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:36:07, Info CSI 000001fe [SR] Beginning Verify and Repair transaction
2017-04-20 15:36:13, Info CSI 00000200 [SR] Verify complete
2017-04-20 15:36:14, Info CSI 00000201 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:36:14, Info CSI 00000202 [SR] Beginning Verify and Repair transaction
2017-04-20 15:36:23, Info CSI 00000205 [SR] Verify complete
2017-04-20 15:36:24, Info CSI 00000206 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:36:24, Info CSI 00000207 [SR] Beginning Verify and Repair transaction
2017-04-20 15:36:31, Info CSI 0000020b [SR] Verify complete
2017-04-20 15:36:32, Info CSI 0000020c [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:36:32, Info CSI 0000020d [SR] Beginning Verify and Repair transaction
2017-04-20 15:36:40, Info CSI 0000020f [SR] Verify complete
2017-04-20 15:36:41, Info CSI 00000210 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:36:41, Info CSI 00000211 [SR] Beginning Verify and Repair transaction
2017-04-20 15:36:50, Info CSI 00000214 [SR] Verify complete
2017-04-20 15:36:51, Info CSI 00000215 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:36:51, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2017-04-20 15:36:59, Info CSI 00000218 [SR] Verify complete
2017-04-20 15:36:59, Info CSI 00000219 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:36:59, Info CSI 0000021a [SR] Beginning Verify and Repair transaction
2017-04-20 15:37:03, Info CSI 0000021c [SR] Verify complete
2017-04-20 15:37:03, Info CSI 0000021d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:37:03, Info CSI 0000021e [SR] Beginning Verify and Repair transaction
2017-04-20 15:37:09, Info CSI 00000220 [SR] Verify complete
2017-04-20 15:37:10, Info CSI 00000221 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:37:10, Info CSI 00000222 [SR] Beginning Verify and Repair transaction
2017-04-20 15:37:17, Info CSI 00000224 [SR] Verify complete
2017-04-20 15:37:18, Info CSI 00000225 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:37:18, Info CSI 00000226 [SR] Beginning Verify and Repair transaction
2017-04-20 15:37:25, Info CSI 00000228 [SR] Verify complete
2017-04-20 15:37:26, Info CSI 00000229 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:37:26, Info CSI 0000022a [SR] Beginning Verify and Repair transaction
2017-04-20 15:37:32, Info CSI 0000022c [SR] Verify complete
2017-04-20 15:37:33, Info CSI 0000022d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:37:33, Info CSI 0000022e [SR] Beginning Verify and Repair transaction
2017-04-20 15:37:39, Info CSI 00000230 [SR] Verify complete
2017-04-20 15:37:40, Info CSI 00000231 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:37:40, Info CSI 00000232 [SR] Beginning Verify and Repair transaction
2017-04-20 15:37:58, Info CSI 00000234 [SR] Verify complete
2017-04-20 15:37:59, Info CSI 00000235 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:37:59, Info CSI 00000236 [SR] Beginning Verify and Repair transaction
2017-04-20 15:38:32, Info CSI 00000238 [SR] Verify complete
2017-04-20 15:38:32, Info CSI 00000239 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:38:32, Info CSI 0000023a [SR] Beginning Verify and Repair transaction
2017-04-20 15:38:42, Info CSI 0000023c [SR] Verify complete
2017-04-20 15:38:42, Info CSI 0000023d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:38:42, Info CSI 0000023e [SR] Beginning Verify and Repair transaction
2017-04-20 15:38:51, Info CSI 00000240 [SR] Verify complete
2017-04-20 15:38:52, Info CSI 00000241 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:38:52, Info CSI 00000242 [SR] Beginning Verify and Repair transaction
2017-04-20 15:38:54, Info CSI 00000244 [SR] Verify complete
2017-04-20 15:38:55, Info CSI 00000245 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:38:55, Info CSI 00000246 [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:00, Info CSI 00000248 [SR] Verify complete
2017-04-20 15:39:01, Info CSI 00000249 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:01, Info CSI 0000024a [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:08, Info CSI 0000024c [SR] Verify complete
2017-04-20 15:39:09, Info CSI 0000024d [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:09, Info CSI 0000024e [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:13, Info CSI 00000250 [SR] Verify complete
2017-04-20 15:39:14, Info CSI 00000251 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:14, Info CSI 00000252 [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:15, Info CSI 00000254 [SR] Verify complete
2017-04-20 15:39:16, Info CSI 00000255 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:16, Info CSI 00000256 [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:22, Info CSI 0000025e [SR] Verify complete
2017-04-20 15:39:23, Info CSI 0000025f [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:23, Info CSI 00000260 [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:34, Info CSI 00000262 [SR] Verify complete
2017-04-20 15:39:34, Info CSI 00000263 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:34, Info CSI 00000264 [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:39, Info CSI 00000266 [SR] Verify complete
2017-04-20 15:39:40, Info CSI 00000267 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:40, Info CSI 00000268 [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:45, Info CSI 0000026a [SR] Verify complete
2017-04-20 15:39:46, Info CSI 0000026b [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:46, Info CSI 0000026c [SR] Beginning Verify and Repair transaction
2017-04-20 15:39:52, Info CSI 0000026e [SR] Verify complete
2017-04-20 15:39:53, Info CSI 0000026f [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:39:53, Info CSI 00000270 [SR] Beginning Verify and Repair transaction
2017-04-20 15:40:02, Info CSI 00000273 [SR] Verify complete
2017-04-20 15:40:03, Info CSI 00000274 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:40:03, Info CSI 00000275 [SR] Beginning Verify and Repair transaction
2017-04-20 15:40:10, Info CSI 00000277 [SR] Verify complete
2017-04-20 15:40:10, Info CSI 00000278 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:40:10, Info CSI 00000279 [SR] Beginning Verify and Repair transaction
2017-04-20 15:40:14, Info CSI 0000027b [SR] Verify complete
2017-04-20 15:40:14, Info CSI 0000027c [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:40:14, Info CSI 0000027d [SR] Beginning Verify and Repair transaction
2017-04-20 15:40:24, Info CSI 00000280 [SR] Verify complete
2017-04-20 15:40:25, Info CSI 00000281 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:40:25, Info CSI 00000282 [SR] Beginning Verify and Repair transaction
2017-04-20 15:40:41, Info CSI 00000286 [SR] Verify complete
2017-04-20 15:40:41, Info CSI 00000287 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:40:41, Info CSI 00000288 [SR] Beginning Verify and Repair transaction
2017-04-20 15:40:53, Info CSI 0000028d [SR] Verify complete
2017-04-20 15:40:54, Info CSI 0000028e [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:40:54, Info CSI 0000028f [SR] Beginning Verify and Repair transaction
2017-04-20 15:41:04, Info CSI 00000297 [SR] Verify complete
2017-04-20 15:41:04, Info CSI 00000298 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:41:04, Info CSI 00000299 [SR] Beginning Verify and Repair transaction
2017-04-20 15:41:25, Info CSI 000002a2 [SR] Verify complete
2017-04-20 15:41:27, Info CSI 000002a3 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:41:27, Info CSI 000002a4 [SR] Beginning Verify and Repair transaction
2017-04-20 15:41:41, Info CSI 000002a9 [SR] Verify complete
2017-04-20 15:41:41, Info CSI 000002aa [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:41:41, Info CSI 000002ab [SR] Beginning Verify and Repair transaction
2017-04-20 15:41:55, Info CSI 000002af [SR] Verify complete
2017-04-20 15:41:57, Info CSI 000002b0 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:41:57, Info CSI 000002b1 [SR] Beginning Verify and Repair transaction
2017-04-20 15:42:03, Info CSI 000002b3 [SR] Verify complete
2017-04-20 15:42:04, Info CSI 000002b4 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:42:04, Info CSI 000002b5 [SR] Beginning Verify and Repair transaction
2017-04-20 15:42:14, Info CSI 000002d8 [SR] Verify complete
2017-04-20 15:42:17, Info CSI 000002d9 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:42:17, Info CSI 000002da [SR] Beginning Verify and Repair transaction
2017-04-20 15:42:24, Info CSI 000002de [SR] Verify complete
2017-04-20 15:42:25, Info CSI 000002df [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:42:25, Info CSI 000002e0 [SR] Beginning Verify and Repair transaction
2017-04-20 15:42:32, Info CSI 000002e2 [SR] Verify complete
2017-04-20 15:42:33, Info CSI 000002e3 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:42:33, Info CSI 000002e4 [SR] Beginning Verify and Repair transaction
2017-04-20 15:42:40, Info CSI 000002e6 [SR] Verify complete
2017-04-20 15:42:41, Info CSI 000002e7 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:42:41, Info CSI 000002e8 [SR] Beginning Verify and Repair transaction
2017-04-20 15:42:48, Info CSI 000002f5 [SR] Verify complete
2017-04-20 15:42:48, Info CSI 000002f6 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:42:48, Info CSI 000002f7 [SR] Beginning Verify and Repair transaction
2017-04-20 15:42:49, Info CSI 000002f9 [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:42:49, Info CSI 000002fb [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:42:53, Info CSI 000002fd [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:42:54, Info CSI 000002ff [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:42:54, Info CSI 00000300 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2017-04-20 15:42:54, Info CSI 00000303 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:14{7}]"fde.dll"; source file in store is also corrupted
2017-04-20 15:42:55, Info CSI 00000306 [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:42:55, Info CSI 00000307 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2017-04-20 15:42:55, Info CSI 0000030a [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"gpedit.dll"; source file in store is also corrupted
2017-04-20 15:42:55, Info CSI 0000030c [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:42:55, Info CSI 0000030d [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2017-04-20 15:42:55, Info CSI 00000310 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"fdeploy.dll"; source file in store is also corrupted
2017-04-20 15:42:55, Info CSI 00000312 [SR] Verify complete
2017-04-20 15:42:57, Info CSI 00000313 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:42:57, Info CSI 00000314 [SR] Beginning Verify and Repair transaction
2017-04-20 15:43:01, Info CSI 00000316 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:43:08, Info CSI 00000318 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:43:08, Info CSI 00000319 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2017-04-20 15:43:08, Info CSI 0000031c [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"gptext.dll"; source file in store is also corrupted
2017-04-20 15:43:10, Info CSI 00000324 [SR] Verify complete
2017-04-20 15:43:11, Info CSI 00000325 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:43:11, Info CSI 00000326 [SR] Beginning Verify and Repair transaction
2017-04-20 15:43:20, Info CSI 0000032e [SR] Verify complete
2017-04-20 15:43:20, Info CSI 0000032f [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:43:20, Info CSI 00000330 [SR] Beginning Verify and Repair transaction
2017-04-20 15:43:26, Info CSI 00000332 [SR] Verify complete
2017-04-20 15:43:26, Info CSI 00000333 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:43:26, Info CSI 00000334 [SR] Beginning Verify and Repair transaction
2017-04-20 15:43:36, Info CSI 00000337 [SR] Verify complete
2017-04-20 15:43:36, Info CSI 00000338 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:43:36, Info CSI 00000339 [SR] Beginning Verify and Repair transaction
2017-04-20 15:43:40, Info CSI 0000033b [SR] Verify complete
2017-04-20 15:43:41, Info CSI 0000033c [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:43:41, Info CSI 0000033d [SR] Beginning Verify and Repair transaction
2017-04-20 15:43:49, Info CSI 0000033f [SR] Verify complete
2017-04-20 15:43:50, Info CSI 00000340 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:43:50, Info CSI 00000341 [SR] Beginning Verify and Repair transaction
2017-04-20 15:43:56, Info CSI 00000343 [SR] Verify complete
2017-04-20 15:43:57, Info CSI 00000344 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:43:57, Info CSI 00000345 [SR] Beginning Verify and Repair transaction
2017-04-20 15:44:03, Info CSI 00000347 [SR] Verify complete
2017-04-20 15:44:04, Info CSI 00000348 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:44:04, Info CSI 00000349 [SR] Beginning Verify and Repair transaction
2017-04-20 15:44:18, Info CSI 00000363 [SR] Verify complete
2017-04-20 15:44:19, Info CSI 00000364 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:44:19, Info CSI 00000365 [SR] Beginning Verify and Repair transaction
2017-04-20 15:44:38, Info CSI 00000367 [SR] Verify complete
2017-04-20 15:44:38, Info CSI 00000368 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:44:38, Info CSI 00000369 [SR] Beginning Verify and Repair transaction
2017-04-20 15:44:47, Info CSI 0000036b [SR] Verify complete
2017-04-20 15:44:48, Info CSI 0000036c [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:44:48, Info CSI 0000036d [SR] Beginning Verify and Repair transaction
2017-04-20 15:44:57, Info CSI 0000036f [SR] Verify complete
2017-04-20 15:44:57, Info CSI 00000370 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:44:57, Info CSI 00000371 [SR] Beginning Verify and Repair transaction
2017-04-20 15:45:15, Info CSI 00000375 [SR] Verify complete
2017-04-20 15:45:16, Info CSI 00000376 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:45:16, Info CSI 00000377 [SR] Beginning Verify and Repair transaction
2017-04-20 15:45:21, Info CSI 00000379 [SR] Verify complete
2017-04-20 15:45:22, Info CSI 0000037a [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:45:22, Info CSI 0000037b [SR] Beginning Verify and Repair transaction
2017-04-20 15:45:27, Info CSI 0000037d [SR] Verify complete
2017-04-20 15:45:28, Info CSI 0000037e [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:45:28, Info CSI 0000037f [SR] Beginning Verify and Repair transaction
2017-04-20 15:45:33, Info CSI 00000381 [SR] Verify complete
2017-04-20 15:45:34, Info CSI 00000382 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:45:34, Info CSI 00000383 [SR] Beginning Verify and Repair transaction
2017-04-20 15:45:39, Info CSI 00000386 [SR] Verify complete
2017-04-20 15:45:40, Info CSI 00000387 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:45:40, Info CSI 00000388 [SR] Beginning Verify and Repair transaction
2017-04-20 15:45:46, Info CSI 0000038a [SR] Verify complete
2017-04-20 15:45:46, Info CSI 0000038b [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:45:46, Info CSI 0000038c [SR] Beginning Verify and Repair transaction
2017-04-20 15:45:52, Info CSI 0000038e [SR] Verify complete
2017-04-20 15:45:53, Info CSI 0000038f [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:45:53, Info CSI 00000390 [SR] Beginning Verify and Repair transaction
2017-04-20 15:45:59, Info CSI 00000392 [SR] Verify complete
2017-04-20 15:45:59, Info CSI 00000393 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:45:59, Info CSI 00000394 [SR] Beginning Verify and Repair transaction
2017-04-20 15:46:06, Info CSI 00000397 [SR] Verify complete
2017-04-20 15:46:06, Info CSI 00000398 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:46:06, Info CSI 00000399 [SR] Beginning Verify and Repair transaction
2017-04-20 15:46:13, Info CSI 0000039b [SR] Verify complete
2017-04-20 15:46:14, Info CSI 0000039c [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:46:14, Info CSI 0000039d [SR] Beginning Verify and Repair transaction
2017-04-20 15:46:20, Info CSI 0000039f [SR] Verify complete
2017-04-20 15:46:21, Info CSI 000003a0 [SR] Verifying 100 (0x0000000000000064) components
2017-04-20 15:46:21, Info CSI 000003a1 [SR] Beginning Verify and Repair transaction
2017-04-20 15:46:27, Info CSI 000003a3 [SR] Verify complete
2017-04-20 15:46:28, Info CSI 000003a4 [SR] Verifying 89 (0x0000000000000059) components
2017-04-20 15:46:28, Info CSI 000003a5 [SR] Beginning Verify and Repair transaction
2017-04-20 15:46:33, Info CSI 000003a7 [SR] Verify complete
2017-04-20 15:46:33, Info CSI 000003a8 [SR] Repairing 4 components
2017-04-20 15:46:33, Info CSI 000003a9 [SR] Beginning Verify and Repair transaction
2017-04-20 15:46:33, Info CSI 000003ab [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:46:33, Info CSI 000003ad [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:46:33, Info CSI 000003af [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:46:33, Info CSI 000003b1 [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:46:33, Info CSI 000003b3 [SR] Cannot repair member file [l:22{11}]"fdeploy.dll" of Microsoft-Windows-fdeploy, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:46:33, Info CSI 000003b4 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2017-04-20 15:46:33, Info CSI 000003b7 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"fdeploy.dll"; source file in store is also corrupted
2017-04-20 15:46:33, Info CSI 000003b9 [SR] Cannot repair member file [l:14{7}]"fde.dll" of Microsoft-Windows-fde, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:46:33, Info CSI 000003ba [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2017-04-20 15:46:33, Info CSI 000003bd [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:14{7}]"fde.dll"; source file in store is also corrupted
2017-04-20 15:46:33, Info CSI 000003bf [SR] Cannot repair member file [l:20{10}]"gptext.dll" of Microsoft-Windows-GroupPolicy-Gptext, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:46:33, Info CSI 000003c0 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2017-04-20 15:46:33, Info CSI 000003c3 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"gptext.dll"; source file in store is also corrupted
2017-04-20 15:46:33, Info CSI 000003c5 [SR] Cannot repair member file [l:20{10}]"gpedit.dll" of Microsoft-Windows-GroupPolicy-Admin-Gpedit, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-04-20 15:46:33, Info CSI 000003c6 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2017-04-20 15:46:33, Info CSI 000003c9 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"gpedit.dll"; source file in store is also corrupted
2017-04-20 15:46:33, Info CSI 000003cb [SR] Repair complete
2017-04-20 15:46:33, Info CSI 000003cc [SR] Committing transaction
2017-04-20 15:46:33, Info CSI 000003d0 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/04/2017 15:50:28
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2017 14:29:29
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 20.
Log: 'System' Date/Time: 20/04/2017 14:20:39
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/04/2017 15:52:03
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/04/2017 14:15:28
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3226483179-4034785836-799415362-1000:
Process 1304 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3226483179-4034785836-799415362-1000
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
cavwp.exe 16,488 K 4,828 K 4092 COMODO Internet Security COMODO (Verified) Comodo Security Solutions
cis.exe 6,868 K 6,880 K 916 COMODO Internet Security COMODO (Verified) Comodo Security Solutions
jusched.exe 2,036 K 6,436 K 2784 Java Update Scheduler Oracle Corporation (Verified) Oracle America
Locator.exe 1,548 K 3,592 K 2028 Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 5,340 K 11,164 K 628 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 2,120 K 12,332 K 1972 Notepad Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 2,952 K 8,528 K 3372 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
services.exe 6,188 K 8,876 K 612 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe 440 K 1,008 K 384 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,720 K 10,900 K 1412 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SSDMonitor.exe 1,848 K 5,840 K 3576 SSDMonit Application PC Tools (Verified) PC Tools
svchost.exe 5,520 K 10,052 K 1592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,560 K 6,912 K 1088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,540 K 6,652 K 1624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,888 K 5,884 K 1140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,732 K 4,140 K 1912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,748 K 5,704 K 2960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,464 K 8,088 K 904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,776 K 9,388 K 816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 12,392 K 10,516 K 1444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,256 K 15,788 K 252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 126,496 K 132,092 K 416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 11,520 K 17,212 K 4408 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,512 K 3,980 K 552 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,748 K 5,548 K 700 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,308 K 8,016 K 4124 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5,828 K 11,392 K 1584 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
StartManSvc.exe < 0.01 3,480 K 9,072 K 1816 StartMan Application PC Tools (Verified) PC Tools
svchost.exe < 0.01 22,916 K 17,380 K 1252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 21,476 K 31,204 K 1036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,356 K 4,332 K 480 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 12,836 K 12,908 K 2232 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
aswidsagenta.exe < 0.01 16,212 K 23,880 K 2972 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
vkise.exe < 0.01 11,160 K 19,588 K 2788 Internet Security Essentials COMODO (Verified) Comodo Security Solutions
isesrv.exe < 0.01 2,448 K 4,516 K 1656 Internet Security Essentials COMODO (Verified) Comodo Security Solutions
csrss.exe < 0.01 11,012 K 14,612 K 576 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.01 20,188 K 31,824 K 3560 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.01 8,112 K 11,112 K 732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
CisTray.exe 0.01 3,904 K 2,880 K 3184 COMODO Internet Security COMODO (Verified) Comodo Security Solutions
AvastSvc.exe 0.03 99,612 K 40,972 K 1316 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
lsm.exe 0.03 3,176 K 5,084 K 636 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.08 36,480 K 70,020 K 2328 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.16 0 K 0 K n/a Hardware Interrupts and DPCs
cmdagent.exe 0.28 31,360 K 40,076 K 952 COMODO Internet Security COMODO (Verified) Comodo Security Solutions
dwm.exe 0.52 48,800 K 79,956 K 2392 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.77 160 K 1,752 K 4
firefox.exe 1.90 743,676 K 789,444 K 4348 Firefox Mozilla Corporation (Verified) Mozilla Corporation
procexp64.exe 2.86 25,252 K 49,868 K 4188 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 93.32 0 K 24 K 0
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 384 N/A
csrss.exe 480 N/A
wininit.exe 552 N/A
csrss.exe 576 N/A
services.exe 612 N/A
lsass.exe 628 SamSs
lsm.exe 636 N/A
winlogon.exe 700 N/A
svchost.exe 816 DcomLaunch, PlugPlay, Power
svchost.exe 904 RpcEptMapper, RpcSs
cmdagent.exe 952 CmdAgent
svchost.exe 252 AudioSrv, Dhcp, eventlog, wscsvc
svchost.exe 416 AudioEndpointBuilder, Netman, PcaSvc,
SysMain, TrkWks, UxSms, WdiSystemHost
svchost.exe 732 EventSystem, FontCache, netprofm, nsi,
SstpSvc, WdiServiceHost, WinHttpAutoProxySv
svchost.exe 1036 BITS, IKEEXT, iphlpsvc, LanmanServer,
ProfSvc, RasMan, Schedule, seclogon, SENS,
ShellHWDetection, Themes, Winmgmt, wuauserv
svchost.exe 1140 gpsvc
svchost.exe 1252 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, TapiSrv
AvastSvc.exe 1316 avast! Antivirus
spoolsv.exe 1412 Spooler
svchost.exe 1444 BFE, DPS, MpsSvc
svchost.exe 1592 DiagTrack
svchost.exe 1624 FDResPub
isesrv.exe 1656 isesrv
StartManSvc.exe 1816 PCToolsSSDMonitorSvc
svchost.exe 1912 RemoteRegistry
Locator.exe 2028 RpcLocator
svchost.exe 1088 stisvc
taskhost.exe 2232 N/A
dwm.exe 2392 N/A
aswidsagenta.exe 2972 aswbIDSAgent
svchost.exe 2960 PolicyAgent
cavwp.exe 4092 N/A
CisTray.exe 3184 N/A
AvastUI.exe 3560 N/A
jusched.exe 2784 N/A
SSDMonitor.exe 3576 N/A
vkise.exe 2788 N/A
cis.exe 916 N/A
explorer.exe 2328 N/A
firefox.exe 4348 N/A
WmiPrvSE.exe 1584 N/A
notepad.exe 1972 N/A
WmiPrvSE.exe 4124 N/A
cmd.exe 4964 N/A
conhost.exe 4308 N/A
tasklist.exe 4840 N/A