PaulAllen

April 23, 2015

It still seems to do it while I am browsing just did it just now, it's random timing when it try's and always outbound.

Detection, 23/04/2015 15:08:14, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound,

April 23, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-04-2015 01

Ran by Earth at 2015-04-23 14:59:28 Run:2

Running from C:\Users\Earth\Desktop

Loaded Profiles: Earth (Available profiles: Earth)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

EmptyTemp:

Reboot:

end

*****************

Processes closed successfully.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

EmptyTemp: => Removed 83.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:00:16 ====

April 23, 2015

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-04-2015 01

Ran by Earth at 2015-04-23 14:42:58

Running from C:\Users\Earth\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}

FW: COMODO Firewall (Disabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)

Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)

CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)

COMODO Firewall (HKLM\...\{68BE8BAB-5375-4C99-9116-1808F5968D40}) (Version: 8.1.0.4426 - COMODO Security Solutions Inc.)

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )

EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)

Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.6.0.0 - QFX Software Corporation)

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )

SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

15-04-2015 21:26:26 Scheduled Checkpoint

18-04-2015 22:03:56 Scheduled Checkpoint

19-04-2015 13:53:19 Scheduled Checkpoint

21-04-2015 08:54:33 Scheduled Checkpoint

21-04-2015 09:06:57 Installed Microsoft Fix it 50267

21-04-2015 21:44:32 Scheduled Checkpoint

22-04-2015 11:06:36 Scheduled Checkpoint

22-04-2015 11:25:01 Windows Update

22-04-2015 16:34:06 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-31 21:41 - 2013-09-03 17:19 - 00000759 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {056CA88A-173F-44DE-95E3-D2CADEF48CF2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.)

Task: {28811A99-9E43-4C61-A166-751088E0548D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO)

Task: {2E9BE86C-C8AC-49F3-B551-0C5FC694BEEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-22] (Piriform Ltd)

Task: {744D7388-ACC0-4A2C-9534-C32AF11DA6B6} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)

Task: {A3DDFCD4-F63D-42E3-AA78-77091AA7F8C3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-20] (COMODO)

Task: {BE69959B-50A7-494D-8FEC-36E98117D732} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-20] (COMODO)

Task: {C2EF5941-0DCB-49CC-BE55-37875E076DDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)

Task: {EC11806B-13F2-47A6-A731-6A906F9251AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-22 15:27 - 2015-04-22 16:35 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-03-22 15:27 - 2015-04-22 16:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-04-22 21:01 - 2015-04-22 21:01 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042202\algo.dll

2015-04-23 08:50 - 2015-04-23 08:50 - 02927104 _____ () C:\Program Files\AVAST Software\Avast\defs\15042300\algo.dll

2015-03-22 15:27 - 2015-03-22 15:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID

AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID

AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID

AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID

AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID

AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID

AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dpnsvr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\E_DCINST.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\E_FBCBADE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\E_FBCHADE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\E_FLMADE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdco6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\GameUXLegacyGDFs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hccoin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hcrstco.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iccvid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\idecoi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\idecoiins.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\l3codeca.acm:$CmdTcID

AlternateDataStreams: C:\Windows\system32\l3codecp.acm:$CmdTcID

AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfc40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfc40u.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mrt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSCOMCTL.OCX:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mshta.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msshsq.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSSTDFMT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvconrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvcuvenc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvd3dum.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvoglv32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvuninst.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvunrm.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvwgf2um.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\oleaccrc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\printcom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\unregmp2.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrm.vbs:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrsmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ASACPI.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\fastfat.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\nvmfdx32.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\nvstor32.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\Rtnicxp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbprint.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\etc\hosts.old:$CmdZnID

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

AlternateDataStreams: C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Desktop\cissp-cib.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Desktop\ComboFix.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Desktop\ComboFix.exe:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Desktop\FRST.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Desktop\FRST.exe:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Desktop\hosts.zip:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Desktop\JRT.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Desktop\JRT.exe:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Desktop\OTL.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Desktop\OTL.exe:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Desktop\tdsskiller.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Desktop\tdsskiller.exe:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Documents\KeyScrambler_Setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf:$CmdZnID

AlternateDataStreams: C:\Users\Earth\Documents\npp.6.7.3.Installer.exe:$CmdTcID

AlternateDataStreams: C:\Users\Earth\Documents\privatetunnel-win-2.4.exe:$CmdTcID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13810967.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13810967.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\008k.com -> 008k.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\00hq.com -> 00hq.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0411dd.com -> 0411dd.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0511zfhl.com -> 0511zfhl.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0632qyw.com -> 0632qyw.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\0scan.com -> 0scan.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\1-se.com -> 1-se.com

IE restricted site: HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\1001movie.com -> 1001movie.com

There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2376867508-200169253-45356126-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ArcService => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Monitor 4.lnk => C:\Windows\pss\Device Monitor 4.lnk.CommonStartup

MSCONFIG\startupreg: EPSON Stylus DX4800 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SB7ED.tmp" /EF "HKLM"

MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-2376867508-200169253-45356126-500 - Administrator - Disabled)

Earth (S-1-5-21-2376867508-200169253-45356126-1000 - Administrator - Enabled) => C:\Users\Earth

Guest (S-1-5-21-2376867508-200169253-45356126-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (04/22/2015 06:26:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application gimp-2.8.exe, version 2.8.14.0, time stamp 0x00000000, faulting module libpixman-1-0.dll, version 0.0.0.0, time stamp 0x3f2e3eab, exception code 0xc0000005, fault offset 0x0006fc33,

process id 0x13d4, application start time 0xgimp-2.8.exe0.

Error: (04/22/2015 04:50:09 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (04/22/2015 04:34:06 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {29475c8a-0268-4327-848f-469db4dd3a31}

Error: (04/21/2015 10:57:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\EARTH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

System errors:

=============

Error: (04/22/2015 09:14:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart

Error: (04/22/2015 09:05:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart

Error: (04/22/2015 09:00:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart

Error: (04/21/2015 10:44:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Software Licensing23000001Restart the service

Error: (04/21/2015 10:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Print Spooler2600001Restart the service

Error: (04/21/2015 10:44:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Windows Search1300001Restart the service

Error: (04/21/2015 10:33:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: MBAMService1

Error: (04/21/2015 10:33:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: MBAMScheduler1

Error: (04/21/2015 10:33:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Print Spooler1600001Restart the service

Error: (04/21/2015 10:33:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Software Licensing11200001Restart the service

Microsoft Office Sessions:

=========================

Error: (04/22/2015 06:26:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: gimp-2.8.exe2.8.14.000000000libpixman-1-0.dll0.0.0.03f2e3eabc00000050006fc3313d401d07d1fbc38130d

Error: (04/22/2015 04:50:09 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (04/22/2015 04:34:06 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {29475c8a-0268-4327-848f-469db4dd3a31}

Error: (04/21/2015 10:57:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

C:\USERS\EARTH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (04/21/2015 00:09:04 AM) (Source: WinMgmt) (EventID: 24) (User: )

Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

CodeIntegrity Errors:

===================================

Date: 2015-04-23 14:42:30.319

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 14:42:30.179

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 14:42:30.038

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 14:42:29.898

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 09:07:41.017

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 09:07:40.847

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 09:07:23.942

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 09:07:23.673

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\WinPatrol\WinPatrol\patrolpro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-23 08:48:00.334

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-22 19:08:45.331

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz

Percentage of memory in use: 42%

Total physical RAM: 3581.63 MB

Available physical RAM: 2060.25 MB

Total Pagefile: 7372.23 MB

Available Pagefile: 5706.28 MB

Total Virtual: 2047.88 MB

Available Virtual: 1914.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:866 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 93D0ECF1)

Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

April 23, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2015 01

Ran by Earth (administrator) on EARTH-PC on 23-04-2015 14:42:18

Running from C:\Users\Earth\Desktop

Loaded Profiles: Earth (Available profiles: Earth)

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(Ruiware LLC) C:\Program Files\WinPatrol\WinPatrol\WinPatrol.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1359064 2015-04-20] (COMODO)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-22] (Avast Software s.r.o.)

HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe [509216 2015-03-26] (QFX Software Corporation)

HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\Run: [WinPatrol] => C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-03-24] (Ruiware LLC)

HKU\S-1-5-21-2376867508-200169253-45356126-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Arc\Plugins\ArcPluginIE.dll [2015-04-09] (Perfect World Entertainment Inc)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Program Files\ArcPlugins\NPSWF32.dll No File

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)

FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Arc\Plugins\npArcPluginFF.dll [2015-04-09] (Perfect World Entertainment Inc)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-22] (Google Inc.)

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-22]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-22]

Chrome:

=======

CHR HomePage: Default -> https://www.google.co.uk/

CHR StartupUrls: Default -> "https://www.google.co.uk/"

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll No File

CHR Profile: C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]

CHR Extension: (YouTube) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]

CHR Extension: (Google Search) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]

CHR Extension: (Bookmark Manager) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]

CHR Extension: (Avast Online Security) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]

CHR Extension: (Google Wallet) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]

CHR Extension: (Gmail) - C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files\Arc\ArcService.exe [88584 2015-04-19] (Perfect World Entertainment Inc)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-22] (Avast Software)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4351816 2015-04-20] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664728 2015-04-20] (COMODO)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)

R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-04-01] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [622192 2015-04-01] (COMODO)

R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [40736 2015-04-01] (COMODO)

R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-04-01] (COMODO)

R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [210512 2015-02-07] (QFX Software Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-23] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2015-03-22] ()

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-22] (Avast Software)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 catchme; \??\C:\Users\Earth\AppData\Local\Temp\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 14:42 - 2015-04-23 14:42 - 01139200 _____ (Farbar) C:\Users\Earth\Desktop\FRST.exe

2015-04-23 14:42 - 2015-04-23 14:42 - 00011621 _____ () C:\Users\Earth\Desktop\FRST.txt

2015-04-23 09:02 - 2015-04-23 09:02 - 00138355 _____ () C:\Users\Earth\Desktop\hosts.zip

2015-04-22 22:43 - 2015-04-22 22:44 - 02347384 _____ (ESET) C:\Users\Earth\Desktop\esetsmartinstaller_enu.exe

2015-04-22 18:48 - 2015-04-22 18:48 - 00000833 _____ () C:\Users\Earth\AppData\Local\recently-used.xbel

2015-04-22 18:41 - 2015-04-22 18:41 - 00602112 _____ (OldTimer Tools) C:\Users\Earth\Desktop\OTL.exe

2015-04-22 17:48 - 2015-02-11 13:44 - 644050851 _____ () C:\Users\Earth\Desktop\bits.zip

2015-04-22 16:35 - 2015-04-22 16:35 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe

2015-04-22 16:35 - 2015-04-22 16:35 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

2015-04-22 10:33 - 2015-04-22 10:33 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Earth\Desktop\tdsskiller.exe

2015-04-22 09:18 - 2015-04-22 09:18 - 00019299 _____ () C:\ComboFix.txt

2015-04-22 08:59 - 2015-04-22 08:57 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-04-22 08:59 - 2015-04-22 08:57 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-04-22 08:59 - 2015-04-22 08:57 - 00256000 _____ () C:\Windows\PEV.exe

2015-04-22 08:59 - 2015-04-22 08:57 - 00208896 _____ () C:\Windows\MBR.exe

2015-04-22 08:59 - 2015-04-22 08:57 - 00098816 _____ () C:\Windows\sed.exe

2015-04-22 08:59 - 2015-04-22 08:57 - 00080412 _____ () C:\Windows\grep.exe

2015-04-22 08:59 - 2015-04-22 08:57 - 00068096 _____ () C:\Windows\zip.exe

2015-04-22 08:59 - 2015-04-22 08:57 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-04-22 08:58 - 2015-04-22 09:18 - 00000000 ____D () C:\Qoobox

2015-04-22 08:57 - 2015-04-22 09:15 - 00000000 ____D () C:\Windows\erdnt

2015-04-22 08:55 - 2015-04-22 08:55 - 05619466 ____R (Swearware) C:\Users\Earth\Desktop\ComboFix.exe

2015-04-21 23:50 - 2015-04-21 23:51 - 00000000 ____D () C:\Users\Earth\Desktop\New Folder

2015-04-21 22:42 - 2015-04-21 22:44 - 00000000 ____D () C:\AdwCleaner

2015-04-21 22:32 - 2015-04-21 22:32 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat

2015-04-21 22:32 - 2015-04-21 22:32 - 00000000 ____D () C:\RegBackup

2015-04-21 22:28 - 2015-04-21 22:28 - 02685507 _____ (Thisisu) C:\Users\Earth\Desktop\JRT.exe

2015-04-21 22:28 - 2015-04-21 22:28 - 02217984 _____ () C:\Users\Earth\Desktop\adwcleaner_4.201.exe

2015-04-21 19:33 - 2015-04-21 19:33 - 00000050 _____ () C:\Users\Earth\Desktop\globe.txt

2015-04-21 09:19 - 2015-04-23 00:08 - 00000000 ____D () C:\Users\Earth\Desktop\old

2015-04-20 23:05 - 2015-04-20 23:06 - 00000000 ____D () C:\Users\Earth\Desktop\sound and vid intro

2015-04-20 14:52 - 2015-04-23 14:42 - 00000000 ____D () C:\FRST

2015-04-20 14:40 - 2015-04-21 00:07 - 00003608 _____ () C:\Windows\system32\Drivers\fvstore.dat

2015-04-20 14:40 - 2015-04-20 14:40 - 00000000 ____D () C:\VTRoot

2015-04-19 12:22 - 2015-04-19 12:26 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-04-19 12:22 - 2015-04-19 12:22 - 00000000 ____D () C:\Program Files\HitmanPro

2015-04-19 10:27 - 2015-04-19 10:27 - 00000219 _____ () C:\Users\Earth\Desktop\secureing wordpress.txt

2015-04-14 23:08 - 2015-04-14 23:08 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-04-14 23:03 - 2015-04-14 23:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-04-14 23:03 - 2015-04-14 23:03 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-14 23:03 - 2015-04-14 23:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-14 23:02 - 2015-04-14 23:02 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-04-14 23:02 - 2015-04-14 23:02 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-14 23:02 - 2015-04-14 23:02 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-14 22:57 - 2015-04-14 22:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-14 22:57 - 2015-04-14 22:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-04-14 22:57 - 2015-04-14 22:57 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-04-14 22:57 - 2015-04-14 22:57 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-04-14 22:57 - 2015-03-10 00:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-14 22:57 - 2015-03-09 23:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-13 09:37 - 2015-04-22 13:48 - 00000667 _____ () C:\Users\Earth\Desktop\music.txt

2015-04-08 08:53 - 2015-04-08 08:53 - 00106593 _____ () C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html

2015-04-08 08:53 - 2015-04-08 08:53 - 00000000 ____D () C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe_files

2015-04-08 08:03 - 2015-04-17 12:10 - 00000349 _____ () C:\Users\Earth\Desktop\GG.txt

2015-04-05 14:24 - 2015-04-05 14:24 - 00000000 ____D () C:\Users\Earth\AppData\Roaming\QFX Software

2015-04-05 14:24 - 2015-04-05 14:24 - 00000000 ____D () C:\ProgramData\QFX Software

2015-04-05 11:04 - 2015-04-22 10:18 - 00000827 _____ () C:\Users\Earth\Desktop\p.txt

2015-04-02 12:05 - 2015-04-05 07:53 - 00000573 _____ () C:\Users\Earth\Desktop\Tent stuff.txt

2015-04-02 10:42 - 2015-04-02 10:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-04-02 10:42 - 2015-04-02 10:42 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2015-04-02 10:28 - 2015-04-02 10:29 - 226547341 _____ () C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip

2015-04-01 09:47 - 2015-04-01 09:47 - 00000000 ____D () C:\Users\Earth\Desktop\Bookings - Badgells Wood_files

2015-04-01 09:46 - 2015-04-01 09:47 - 00028723 _____ () C:\Users\Earth\Desktop\Bookings - Badgells Wood.html

2015-03-31 21:41 - 2015-04-19 12:28 - 00524227 _____ () C:\Windows\system32\Drivers\etc\hosts.old

2015-03-31 10:40 - 2015-04-05 14:49 - 00000000 ____D () C:\Users\Earth\Desktop\Natural pathways

2015-03-29 09:34 - 2015-03-29 09:34 - 00453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe

2015-03-29 09:34 - 2008-07-08 08:45 - 00004984 _____ () C:\Windows\system32\Drivers\nvphy.bin

2015-03-26 18:04 - 2015-04-22 18:48 - 00000000 ____D () C:\Users\Earth\AppData\Local\gtk-2.0

2015-03-26 18:04 - 2015-03-26 18:04 - 00000000 ____D () C:\Users\Earth\.thumbnails

2015-03-26 17:36 - 2015-03-26 17:36 - 00000765 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk

2015-03-26 17:36 - 2015-03-26 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan

2015-03-26 17:36 - 2006-10-13 01:00 - 00061952 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escwiad.dll

2015-03-26 17:35 - 2015-03-26 17:36 - 00000000 ____D () C:\Program Files\EPSON

2015-03-26 17:35 - 2015-03-26 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2015-03-26 17:34 - 2015-03-26 17:34 - 00079679 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLMADE.DLL

2015-03-26 17:34 - 2015-03-26 17:34 - 00064000 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FBCBADE.DLL

2015-03-26 17:34 - 2015-03-26 17:34 - 00049152 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL

2015-03-26 17:34 - 2015-03-26 17:34 - 00034304 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FBCHADE.DLL

2015-03-26 17:34 - 2015-03-26 17:34 - 00000000 ____D () C:\ProgramData\EPSON

2015-03-26 17:18 - 2015-04-22 18:49 - 00000000 ____D () C:\Users\Earth\.gimp-2.8

2015-03-26 17:18 - 2015-03-26 17:18 - 00000874 _____ () C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk

2015-03-26 17:18 - 2015-03-26 17:18 - 00000000 ____D () C:\Users\Earth\AppData\Local\gegl-0.2

2015-03-26 17:18 - 2015-03-26 17:18 - 00000000 ____D () C:\Users\Earth\AppData\Local\fontconfig

2015-03-26 17:17 - 2015-03-26 17:17 - 00000882 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

2015-03-26 17:14 - 2015-03-26 17:17 - 00000000 ____D () C:\Program Files\GIMP 2

2015-03-26 17:13 - 2015-03-26 17:14 - 00000000 ____D () C:\Users\Earth\Desktop\Great Canoe Trail

2015-03-26 16:57 - 2015-03-26 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler

2015-03-26 16:57 - 2015-03-26 16:57 - 00000000 ____D () C:\Program Files\KeyScrambler

2015-03-26 16:57 - 2015-02-07 04:37 - 00210512 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys

2015-03-26 12:59 - 2015-03-26 13:25 - 00000000 ____D () C:\Users\Earth\AppData\Local\Nvidia Corporation

2015-03-25 22:27 - 2015-03-25 22:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies

2015-03-25 09:18 - 2015-04-20 23:08 - 00015872 _____ () C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-03-25 09:17 - 2015-03-25 09:17 - 00000000 ____D () C:\Windows\pss

2015-03-25 08:58 - 2015-03-25 08:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf

2015-03-24 20:16 - 2015-03-27 18:49 - 00002145 _____ () C:\Users\Earth\Desktop\kids event.txt

2015-03-24 01:43 - 2015-03-25 09:00 - 00000000 ____D () C:\Users\Earth\AppData\Roaming\WinPatrol

2015-03-24 01:43 - 2015-03-24 01:43 - 00000000 ____D () C:\ProgramData\InstallMate

2015-03-24 01:43 - 2015-03-24 01:43 - 00000000 ____D () C:\Program Files\WinPatrol

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 13:48 - 2015-03-22 15:29 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-23 12:47 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-23 12:47 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-23 10:57 - 2006-11-02 13:52 - 00755764 _____ () C:\Windows\WindowsUpdate.log

2015-04-23 10:21 - 2006-11-02 11:33 - 00865966 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-23 08:48 - 2015-03-22 15:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-23 08:48 - 2015-03-22 14:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-23 08:47 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-23 00:09 - 2006-11-02 14:01 - 00029244 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-04-22 16:35 - 2015-03-22 15:28 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys

2015-04-22 16:35 - 2015-03-22 15:28 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys

2015-04-22 16:35 - 2015-03-22 15:28 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2015-04-22 16:35 - 2015-03-22 15:28 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-04-22 16:35 - 2015-03-22 15:28 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys

2015-04-22 16:35 - 2015-03-22 15:28 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys

2015-04-22 16:35 - 2015-03-22 15:28 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2015-04-22 16:35 - 2015-03-22 15:28 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2015-04-22 16:35 - 2015-03-22 15:07 - 00000000 ____D () C:\ProgramData\TEMP

2015-04-22 16:34 - 2015-03-22 15:07 - 00000000 ____D () C:\Program Files\SpywareBlaster

2015-04-22 15:30 - 2015-03-22 14:02 - 00000000 ____D () C:\Users\Earth

2015-04-22 11:25 - 2015-03-22 20:37 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-04-22 09:18 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default

2015-04-22 09:18 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public

2015-04-22 09:14 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini

2015-04-22 08:57 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe

2015-04-20 14:40 - 2015-03-22 14:55 - 00001777 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk

2015-04-19 14:32 - 2015-03-22 16:32 - 00000000 ____D () C:\Program Files\Arc

2015-04-15 10:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2015-04-14 23:08 - 2015-03-22 21:45 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-14 23:03 - 2006-11-02 11:24 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2015-04-02 10:41 - 2015-03-22 14:02 - 00001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat

2015-04-02 10:40 - 2012-02-09 22:43 - 19443520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll

2015-04-02 10:40 - 2012-02-09 22:43 - 17543488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2015-04-02 10:40 - 2012-02-09 22:43 - 15009600 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll

2015-04-02 10:40 - 2012-02-09 22:43 - 10816832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-04-02 10:40 - 2012-02-09 22:43 - 07713088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll

2015-04-02 10:40 - 2012-02-09 22:43 - 05892928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-04-02 10:40 - 2012-02-09 22:43 - 02517312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-04-02 10:40 - 2012-02-09 22:43 - 02437440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2015-04-02 10:40 - 2012-02-09 22:43 - 02301248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll

2015-04-02 10:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Help

2015-04-01 18:49 - 2015-01-30 13:27 - 00622192 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys

2015-04-01 18:49 - 2015-01-30 13:27 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys

2015-04-01 18:49 - 2015-01-30 13:27 - 00040736 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys

2015-04-01 18:49 - 2015-01-30 13:27 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys

2015-04-01 18:48 - 2015-01-30 13:27 - 00444472 _____ (COMODO) C:\Windows\system32\guard32.dll

2015-04-01 18:48 - 2015-01-30 13:27 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll

2015-04-01 18:45 - 2015-01-30 13:27 - 00288472 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll

2015-04-01 18:45 - 2015-01-30 13:27 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll

2015-04-01 08:40 - 2006-11-02 13:47 - 00228936 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-29 09:35 - 2007-07-13 08:18 - 00050688 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\Rtnicxp.sys

2015-03-29 09:34 - 2008-09-02 15:03 - 00453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvunrm.exe

2015-03-29 09:34 - 2008-08-01 19:51 - 01052704 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmfdx32.sys

2015-03-29 09:34 - 2008-08-01 18:35 - 00207872 _____ (NVIDIA Corporation) C:\Windows\system32\fdco6.dll

2015-03-29 09:34 - 2008-07-29 20:33 - 00122880 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll

2015-03-26 17:36 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32

2015-03-26 17:32 - 2015-03-22 14:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys

2015-03-26 14:35 - 2015-03-20 11:21 - 27410776 _____ (OpenVPN Technologies) C:\Users\Earth\Documents\privatetunnel-win-2.4.exe

2015-03-26 14:35 - 2015-03-06 18:28 - 01552128 _____ () C:\Users\Earth\Documents\KeyScrambler_Setup.exe

2015-03-26 14:35 - 2015-02-21 12:53 - 76663632 _____ (Lightworks) C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe

2015-03-26 14:35 - 2015-02-21 02:23 - 07962144 _____ () C:\Users\Earth\Documents\npp.6.7.3.Installer.exe

2015-03-25 22:16 - 2007-08-09 19:12 - 00110624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor32.sys

2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoiins.dll

2015-03-25 22:16 - 2007-08-09 19:03 - 00353280 _____ (NVIDIA Corporation) C:\Windows\system32\idecoi.dll

2015-03-25 10:11 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-03-25 10:07 - 2015-03-22 14:02 - 00000944 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-25 09:00 - 2015-03-22 16:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2015-03-24 01:43 - 2015-03-22 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

==================== Files in the root of some directories =======

2015-03-22 14:02 - 2015-04-02 10:41 - 0001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat

2015-03-25 09:18 - 2015-04-20 23:08 - 0015872 _____ () C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-04-22 18:48 - 2015-04-22 18:48 - 0000833 _____ () C:\Users\Earth\AppData\Local\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-23 08:53

==================== End Of Log ============================

April 23, 2015

Hello

Yes still getting them

April 23, 2015

Oh I forgot to add can I re-install my MVP host file yet?

Thank you

April 22, 2015

At the end of the scan it found nothing and only had a finished button and a box to check that was for uninstalling the software.

No list threat and no export or save file.

Thank you

April 22, 2015

It's still going out here's another recent log..

Detection, 22/04/2015 20:38:21, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound,

April 22, 2015

OTL logfile created on: 22/04/2015 18:51:17 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Earth\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 62.08% Memory free

7.20 Gb Paging File | 5.86 Gb Available in Paging File | 81.48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931.51 Gb Total Space | 865.87 Gb Free Space | 92.95% Space Free | Partition Type: NTFS

Computer Name: EARTH-PC | User Name: Earth | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/04/22 18:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe

PRC - [2015/04/22 16:35:29 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2015/04/22 16:35:27 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2015/04/22 16:35:15 | 003,207,800 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

PRC - [2015/04/20 14:35:23 | 000,455,384 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

PRC - [2015/04/20 14:30:50 | 001,359,064 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

PRC - [2015/04/20 14:30:45 | 007,689,432 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe

PRC - [2015/04/20 14:30:09 | 004,351,816 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2015/03/26 16:57:01 | 000,509,216 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe

PRC - [2015/03/17 07:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2015/03/17 07:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2015/03/17 07:14:00 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2015/04/22 16:35:28 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll

MOD - [2015/04/22 16:35:27 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

MOD - [2015/03/22 15:28:06 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

========== Services (SafeList) ==========

SRV - [2015/04/22 16:35:27 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2015/04/22 16:35:15 | 003,207,800 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)

SRV - [2015/04/20 14:30:18 | 001,664,728 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)

SRV - [2015/04/20 14:30:09 | 004,351,816 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)

SRV - [2015/04/19 08:25:08 | 000,088,584 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files\Arc\ArcService.exe -- (ArcService)

SRV - [2015/03/17 07:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2015/03/17 07:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Earth\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2015/04/22 16:38:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV - [2015/04/22 16:35:32 | 000,427,992 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2015/04/22 16:35:32 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2015/04/22 16:35:32 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2015/04/22 16:35:32 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2015/04/22 16:35:32 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2015/04/22 16:35:32 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2015/04/22 16:35:32 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)

DRV - [2015/04/22 16:35:19 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2015/04/22 16:35:15 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)

DRV - [2015/04/02 10:40:56 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2015/04/01 18:49:18 | 000,091,200 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)

DRV - [2015/04/01 18:49:15 | 000,040,736 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2015/04/01 18:49:12 | 000,622,192 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)

DRV - [2015/04/01 18:49:09 | 000,017,088 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)

DRV - [2015/03/29 09:35:11 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2015/03/29 09:34:38 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2015/03/25 22:16:46 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2015/03/22 22:37:59 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2015/03/17 07:15:32 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV - [2015/03/17 07:15:22 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2015/02/07 04:37:08 | 000,210,512 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Program Files\ArcPlugins\NPSWF32.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/04/22 16:35:23 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\internal-nacl-plugin

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll

CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\

CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\

CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\

CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.421.10417_0\

CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\

CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\

CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\

CHR - Extension: No name found = C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2013/09/03 17:19:52 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)

O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)

O4 - HKU\S-1-5-21-2376867508-200169253-45356126-1000..\Run: [WinPatrol] C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe (Ruiware LLC)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2376867508-200169253-45356126-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7B2022-369D-496D-9906-0B853F11E601}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015/04/22 18:41:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe

[2015/04/22 16:35:33 | 000,291,312 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe

[2015/04/22 16:35:29 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr

[2015/04/22 10:33:07 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Earth\Desktop\tdsskiller.exe

[2015/04/22 09:18:53 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\temp

[2015/04/22 09:17:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2015/04/22 08:59:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2015/04/22 08:59:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2015/04/22 08:59:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2015/04/22 08:58:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2015/04/22 08:57:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2015/04/22 08:55:04 | 005,619,466 | R--- | C] (Swearware) -- C:\Users\Earth\Desktop\ComboFix.exe

[2015/04/21 23:50:59 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\New Folder

[2015/04/21 22:42:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2015/04/21 22:32:49 | 000,000,000 | ---D | C] -- C:\RegBackup

[2015/04/21 22:28:11 | 002,685,507 | ---- | C] (Thisisu) -- C:\Users\Earth\Desktop\JRT.exe

[2015/04/21 09:19:45 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\old

[2015/04/21 09:09:40 | 001,139,200 | ---- | C] (Farbar) -- C:\Users\Earth\Desktop\FRST.exe

[2015/04/20 23:05:23 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\sound and vid intro

[2015/04/20 14:52:36 | 000,000,000 | ---D | C] -- C:\FRST

[2015/04/20 14:40:42 | 000,000,000 | ---D | C] -- C:\VTRoot

[2015/04/19 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2015/04/19 12:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2015/04/08 08:53:27 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe_files

[2015/04/05 14:24:26 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Roaming\QFX Software

[2015/04/05 14:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software

[2015/04/02 10:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2015/04/02 10:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2015/04/01 09:47:00 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Bookings - Badgells Wood_files

[2015/03/31 10:40:09 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Natural pathways

[2015/03/26 18:04:58 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\gtk-2.0

[2015/03/26 18:04:12 | 000,000,000 | ---D | C] -- C:\Users\Earth\.thumbnails

[2015/03/26 17:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan

[2015/03/26 17:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

[2015/03/26 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON

[2015/03/26 17:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON

[2015/03/26 17:18:42 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\fontconfig

[2015/03/26 17:18:39 | 000,000,000 | ---D | C] -- C:\Users\Earth\.gimp-2.8

[2015/03/26 17:18:38 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\gegl-0.2

[2015/03/26 17:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2

[2015/03/26 17:13:47 | 000,000,000 | ---D | C] -- C:\Users\Earth\Desktop\Great Canoe Trail

[2015/03/26 16:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler

[2015/03/26 16:57:04 | 000,210,512 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys

[2015/03/26 16:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler

[2015/03/26 12:59:56 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\Nvidia Corporation

[2015/03/25 22:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2015/03/25 13:38:46 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Local\ElevatedDiagnostics

[2015/03/25 10:11:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs

[2015/03/25 09:17:21 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2015/03/24 01:43:21 | 000,000,000 | ---D | C] -- C:\Users\Earth\AppData\Roaming\WinPatrol

[2015/03/24 01:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinPatrol

[2015/03/24 01:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2015/03/23 21:44:16 | 000,000,000 | ---D | C] -- C:\Windows\Migration

========== Files - Modified Within 30 Days ==========

[2015/04/22 18:48:05 | 000,000,833 | ---- | M] () -- C:\Users\Earth\AppData\Local\recently-used.xbel

[2015/04/22 18:48:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2015/04/22 18:41:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Earth\Desktop\OTL.exe

[2015/04/22 18:37:27 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2015/04/22 18:37:27 | 000,004,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2015/04/22 18:09:58 | 000,729,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2015/04/22 18:09:58 | 000,146,942 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2015/04/22 16:38:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2015/04/22 16:38:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2015/04/22 16:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015/04/22 16:37:22 | 3756,580,864 | -HS- | M] () -- C:\hiberfil.sys

[2015/04/22 16:35:32 | 000,427,992 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSP.sys

[2015/04/22 16:35:32 | 000,209,048 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys

[2015/04/22 16:35:32 | 000,074,976 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2015/04/22 16:35:32 | 000,057,888 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswTdi.sys

[2015/04/22 16:35:32 | 000,055,200 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswRdr.sys

[2015/04/22 16:35:32 | 000,049,904 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2015/04/22 16:35:32 | 000,024,144 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys

[2015/04/22 16:35:29 | 000,291,312 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe

[2015/04/22 16:35:29 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr

[2015/04/22 16:35:19 | 000,787,760 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSnx.sys

[2015/04/22 15:33:08 | 000,362,595 | ---- | M] () -- C:\Users\Earth\Desktop\forest fires.jpg

[2015/04/22 15:30:07 | 000,359,941 | ---- | M] () -- C:\Users\Earth\forest fires.jpg

[2015/04/22 10:33:09 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Earth\Desktop\tdsskiller.exe

[2015/04/22 08:57:53 | 000,518,144 | ---- | M] (SteelWerX) -- C:\Windows\SWREG.exe

[2015/04/22 08:57:53 | 000,406,528 | ---- | M] (SteelWerX) -- C:\Windows\SWSC.exe

[2015/04/22 08:57:53 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe

[2015/04/22 08:57:53 | 000,212,480 | ---- | M] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2015/04/22 08:57:53 | 000,208,896 | ---- | M] () -- C:\Windows\MBR.exe

[2015/04/22 08:57:53 | 000,098,816 | ---- | M] () -- C:\Windows\sed.exe

[2015/04/22 08:57:53 | 000,080,412 | ---- | M] () -- C:\Windows\grep.exe

[2015/04/22 08:57:53 | 000,068,096 | ---- | M] () -- C:\Windows\zip.exe

[2015/04/22 08:57:52 | 000,060,416 | ---- | M] (NirSoft) -- C:\Windows\NIRCMD.exe

[2015/04/22 08:55:07 | 005,619,466 | R--- | M] (Swearware) -- C:\Users\Earth\Desktop\ComboFix.exe

[2015/04/21 22:32:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat

[2015/04/21 22:28:32 | 002,217,984 | ---- | M] () -- C:\Users\Earth\Desktop\adwcleaner_4.201.exe

[2015/04/21 22:28:13 | 002,685,507 | ---- | M] (Thisisu) -- C:\Users\Earth\Desktop\JRT.exe

[2015/04/21 15:49:47 | 001,968,287 | ---- | M] () -- C:\Users\Earth\Desktop\cissp-cib.pdf

[2015/04/21 09:09:41 | 001,139,200 | ---- | M] (Farbar) -- C:\Users\Earth\Desktop\FRST.exe

[2015/04/21 00:07:54 | 000,003,608 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat

[2015/04/20 23:08:11 | 000,015,872 | ---- | M] () -- C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2015/04/20 14:40:34 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk

[2015/04/19 12:28:00 | 000,524,227 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old

[2015/04/08 08:53:27 | 000,106,593 | ---- | M] () -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html

[2015/04/02 12:53:18 | 000,001,995 | ---- | M] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2015/04/02 10:41:29 | 000,001,356 | ---- | M] () -- C:\Users\Earth\AppData\Local\d3d9caps.dat

[2015/04/02 10:29:13 | 226,547,341 | ---- | M] () -- C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip

[2015/04/01 18:49:18 | 000,091,200 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2015/04/01 18:49:15 | 000,040,736 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2015/04/01 18:49:12 | 000,622,192 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys

[2015/04/01 18:49:09 | 000,017,088 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys

[2015/04/01 18:48:21 | 000,033,520 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll

[2015/04/01 18:48:18 | 000,444,472 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll

[2015/04/01 18:45:54 | 000,288,472 | ---- | M] (COMODO) -- C:\Windows\System32\cmdvrt32.dll

[2015/04/01 18:45:27 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\System32\cmdkbd32.dll

[2015/04/01 09:47:00 | 000,028,723 | ---- | M] () -- C:\Users\Earth\Desktop\Bookings - Badgells Wood.html

[2015/04/01 08:40:27 | 000,228,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2015/03/26 17:36:40 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

[2015/03/26 17:18:48 | 000,000,874 | ---- | M] () -- C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk

[2015/03/26 14:35:48 | 027,410,776 | ---- | M] (OpenVPN Technologies) -- C:\Users\Earth\Documents\privatetunnel-win-2.4.exe

[2015/03/26 14:35:44 | 007,962,144 | ---- | M] () -- C:\Users\Earth\Documents\npp.6.7.3.Installer.exe

[2015/03/26 14:35:34 | 076,663,632 | ---- | M] (Lightworks) -- C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe

[2015/03/26 14:35:19 | 001,552,128 | ---- | M] () -- C:\Users\Earth\Documents\KeyScrambler_Setup.exe

[2015/03/25 10:07:40 | 000,000,938 | ---- | M] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2015/03/25 09:10:07 | 028,997,775 | ---- | M] () -- C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf

[2015/03/25 08:58:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

========== Files Created - No Company Name ==========

[2015/04/22 18:48:05 | 000,000,833 | ---- | C] () -- C:\Users\Earth\AppData\Local\recently-used.xbel

[2015/04/22 17:48:41 | 644,050,851 | ---- | C] () -- C:\Users\Earth\Desktop\bits.zip

[2015/04/22 15:30:07 | 000,359,941 | ---- | C] () -- C:\Users\Earth\forest fires.jpg

[2015/04/22 10:28:14 | 000,362,595 | ---- | C] () -- C:\Users\Earth\Desktop\forest fires.jpg

[2015/04/22 08:59:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2015/04/22 08:59:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2015/04/22 08:59:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2015/04/22 08:59:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2015/04/22 08:59:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2015/04/21 22:32:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-EARTH-PC-Windows-Vista--Home-Premium-(32-bit).dat

[2015/04/21 22:28:32 | 002,217,984 | ---- | C] () -- C:\Users\Earth\Desktop\adwcleaner_4.201.exe

[2015/04/21 15:49:46 | 001,968,287 | ---- | C] () -- C:\Users\Earth\Desktop\cissp-cib.pdf

[2015/04/20 14:40:39 | 000,003,608 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat

[2015/04/08 08:53:25 | 000,106,593 | ---- | C] () -- C:\Users\Earth\Desktop\Canoe Hire Scotland - Where to paddle your canoe.html

[2015/04/02 10:28:35 | 226,547,341 | ---- | C] () -- C:\Users\Earth\Documents\341.44-desktop-win8-win7-winvista-32bit-international-whql.zip

[2015/04/01 09:46:59 | 000,028,723 | ---- | C] () -- C:\Users\Earth\Desktop\Bookings - Badgells Wood.html

[2015/03/29 09:34:43 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2015/03/26 17:36:40 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

[2015/03/26 17:18:48 | 000,000,874 | ---- | C] () -- C:\Users\Earth\Desktop\gimp-2.8 - Shortcut.lnk

[2015/03/26 17:17:45 | 000,000,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

[2015/03/26 13:40:32 | 3756,580,864 | -HS- | C] () -- C:\hiberfil.sys

[2015/03/25 10:07:40 | 000,000,938 | ---- | C] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2015/03/25 09:18:48 | 000,015,872 | ---- | C] () -- C:\Users\Earth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2015/03/25 09:10:05 | 028,997,775 | ---- | C] () -- C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf

[2015/03/25 08:58:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2015/03/24 11:18:19 | 000,001,995 | ---- | C] () -- C:\Users\Earth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2015/03/22 15:28:21 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2015/03/22 15:28:19 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2015/03/22 15:28:17 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys

[2015/03/22 14:38:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2015/03/22 14:38:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2015/03/22 14:38:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2015/03/22 14:02:10 | 000,001,356 | ---- | C] () -- C:\Users\Earth\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2015/03/22 20:24:15 | 011,587,584 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2015/03/22 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\Arc

[2015/03/22 15:32:57 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\AVAST Software

[2015/04/05 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\QFX Software

[2015/03/25 09:00:56 | 000,000,000 | ---D | M] -- C:\Users\Earth\AppData\Roaming\WinPatrol

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Windows\zip.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XpsPrint.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XpsGdiConverter.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xmllite.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_3.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_2.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_5.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_4.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_3.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_2.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_0.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_3.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_2.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_0.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_5.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_4.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_3.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_2.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_0.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_9.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_8.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_7.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_6.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_5.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_4.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_3.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_2.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_10.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_0.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_6.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_5.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_4.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_3.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_2.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\x3daudio1_1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\x3daudio1_0.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuwebv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wups2.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wups.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wudriver.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFx.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFSvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFPlatform.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFHost.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WUDFCoinstaller.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wucltux.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuaueng.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuauclt.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuapp.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wuapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmWmiPl.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmSvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmRes.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wsmprovhost.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wsmplpxy.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmAuto.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSManMigrationPlugin.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSManHTTPConfig.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wshom.ocx:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wshcon.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSDApi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wscript.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WPDSp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WPDShServiceObj.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WPDShextAutoplay.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wpdshext.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wpdbusenum.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wpd_ci.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMVDECOD.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMVCORE.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMSPDMOD.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmpmde.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmploc.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMPhoto.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmpdxm.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmicmiplugin.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wmi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WMALFXGFXDSP.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wlansvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wlansec.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wlanmsm.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wlanapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wkssvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winusb.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wintrust.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winsrv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrssrv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrsmgr.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrshost.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrscmd.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrs.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winrm.vbs:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winmm.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wininet.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\winhttp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WindowsCodecs.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\win32spl.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\win32k.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wevtfwd.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wer.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wecutil.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wecsvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wecapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wdigest.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\Wdfres.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\vbscript.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\usp10.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\urlmon.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\url.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\unregmp2.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\UIRibbonRes.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\UIRibbon.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\UIAutomationCore.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\UIAnimation.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\tzres.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\TsWpfWrp.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\tsbyuv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\timedate.cpl:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\themeui.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\termsrv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\TCPSVCS.EXE:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\taskschd.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\taskeng.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\taskcomp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\t2embed.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\SysFxUI.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\synceng.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\srvsvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\spwmp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\spoolsv.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\smss.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\shsvcs.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\shlwapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\shell32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\secur32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\secproc_ssp_isv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\secproc_ssp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\secproc_isv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\secproc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\sdclt.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\scrrun.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\schedsvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\schannel.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\scesrv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\sbeio.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\sbe.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\rtutils.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\rpcrt4.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ROUTE.EXE:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\RMActivate_ssp_isv.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\RMActivate_ssp.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\RMActivate_isv.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\RMActivate.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\rdpencom.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\rastls.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\quartz.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\qedit.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\qdvd.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\pwrshplugin.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\psisrndr.ax:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\psisdecd.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\profsvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\printcom.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\PresentationHostProxy.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\PresentationHost.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceWMDRM.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceTypes.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceConnectApi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceClassExtension.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\PortableDeviceApi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\packager.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\oleaut32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\oleaccrc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\oleacc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ole32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\odbc32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvwgf2um.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvunrm.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvuninst.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvoglv32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvd3dum.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvcuvid.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvcuvenc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvcuda.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvconrm.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvcompiler.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nvapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ntoskrnl.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ntkrnlpa.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ntdll.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nshhttp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nlasvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\nlaapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\NETSTAT.EXE:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\netiohlp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\netfxperf.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\netevent.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\netapi32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ncsi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ncrypt.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msyuv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msxml6.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msxml3r.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msxml3.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msvidc32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msvfw32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msvcrt.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msv1_0.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mstscax.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mstsc.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\MSSTDFMT.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msshsq.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msrle32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msihnd.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshtmled.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshtml.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshta.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msfeedssync.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msfeedsbs.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msfeeds.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msdxm.ocx:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\MSDvbNP.ax:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msdrm.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msctf.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mscories.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mscorier.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mscoree.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\MSCOMCTL.OCX:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msaudite.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msasn1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mrt.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\MRINFO.EXE:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\MpSigStub.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mpg2splt.ax:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\Mpeg2Data.ax:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\MP4SDECD.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mfc42u.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mfc42.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mfc40u.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mfc40.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mciseq.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mciavi32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\lsass.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\lsasrv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\lpk.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\localspl.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\l3codecp.acm:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\l3codeca.acm:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\L2SecHC.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\kernel32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\kerberos.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\jsproxy.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\jscript9.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\jscript.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\iyuv_32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\iphlpsvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\infocardapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\inetcpl.cpl:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\inetcomm.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\IMJP10K.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\imagehlp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\IKEEXT.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieUnatt.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieui.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\iertutil.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieframe.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\idecoiins.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\idecoi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\iccvid.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\icardres.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\icardagt.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\icaapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\httpapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\HOSTNAME.EXE:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\hcrstco.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\hccoin.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\gdi32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\GameUXLegacyGDFs.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\gameux.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\FWPUCLNT.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\fontsub.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\FntCache.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\finger.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\fdco6.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\EncDump.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\EncDec.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FLMADE.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FBCHADE.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_FBCBADE.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\E_DCINST.DLL:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxtrans.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxtmsft.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxmasf.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DWrite.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\WUDFRd.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\WUDFPf.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\WdfLdr.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\Wdf01000.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\volsnap.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbscan.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbprint.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbport.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbohci.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbhub.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbehci.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbd.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usbccgp.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\usb8023.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\UMDF\WpdFs.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tunnel.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tssecsrv.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tcpipreg.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\tcpip.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srvnet.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srv2.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\srv.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\Rtnicxp.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\rdpwd.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\portcls.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\partmgr.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvstor32.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvmfdx32.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\nvlddmkm.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ntfs.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb20.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb10.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxsmb.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\mrxdav.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ksecdd.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\http.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\fs_rec.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\fastfat.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\dxgkrnl.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\drmk.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\dfsc.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\bowser.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\ASACPI.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\drivers\afd.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dpnsvr.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dpnet.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dnsrslvr.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dnscacheugc.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dnsapi.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dfshim.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dciman32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_42.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_41.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_40.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_39.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_38.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_37.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_36.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_35.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_34.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_33.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_31.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_30.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_29.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_28.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_27.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_26.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_25.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_24.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx11_42.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_42.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_41.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_40.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_39.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_38.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_37.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_36.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_35.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_34.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_33.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dcsx_42.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_42.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_41.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_40.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_39.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_38.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_37.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_36.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_35.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_34.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_33.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10warp.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10level9.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10core.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10_1core.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10_1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3d10.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d2d1.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\csrsrv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cscript.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptsvc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptnet.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cryptdlg.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\crypt32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\consent.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\comctl32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\clfsw32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\clfs.sys:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\certutil.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\certenc.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cdd.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cabview.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\BthMtpContextHandler.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\avifil32.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\authui.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\audiosrv.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\AUDIOKSE.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\AudioEng.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atmlib.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atmfd.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atl.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\asycfilt.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ARP.EXE:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\appinfo.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\Apphlpdm.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\adtschema.dll:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\SWXCACLS.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\SWSC.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\SWREG.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\sed.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\PEV.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\NIRCMD.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\MBR.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\grep.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Windows\avastSS.scr:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\privatetunnel-win-2.4.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\npp.6.7.3.Installer.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\lightworks_v12.0.2_full_32bit_setup.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Documents\KeyScrambler_Setup.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\tdsskiller.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\OTL.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\JRT.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\FRST.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\ComboFix.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe:$CmdTcID

@Alternate Data Stream - 64 bytes -> C:\Program Files\KeyScrambler\keyscrambler.exe:$CmdTcID

@Alternate Data Stream - 26 bytes -> C:\Windows\System32\drivers\etc\hosts.old:$CmdZnID

@Alternate Data Stream - 26 bytes -> C:\Users\Earth\Documents\mediabrowser_4_instruction_guide.pdf:$CmdZnID

@Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\tdsskiller.exe:$CmdZnID

@Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\OTL.exe:$CmdZnID

@Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\JRT.exe:$CmdZnID

@Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\FRST.exe:$CmdZnID

@Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\ComboFix.exe:$CmdZnID

@Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\cissp-cib.pdf:$CmdZnID

@Alternate Data Stream - 26 bytes -> C:\Users\Earth\Desktop\adwcleaner_4.201.exe:$CmdZnID

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

April 22, 2015

OTL Extras logfile created on: 22/04/2015 18:51:17 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Earth\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 62.08% Memory free

7.20 Gb Paging File | 5.86 Gb Available in Paging File | 81.48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931.51 Gb Total Space | 865.87 Gb Free Space | 92.95% Space Free | Partition Type: NTFS

Computer Name: EARTH-PC | User Name: Earth | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2376867508-200169253-45356126-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{684D7D20-525A-48BC-8C17-2A153CEB3C6A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{182C9667-60B9-4DD7-849C-3C416DEBDF21}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |

"{8C818C07-A531-44D6-8EA1-0C2360D5695C}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |

"TCP Query User{67C53C57-435C-4803-9F6D-AFC7E58B8C11}C:\program files\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files\neverwinter_en\neverwinter\live\gameclient.exe |

"UDP Query User{964554DB-D3AA-4838-9DFF-2C800B69A830}C:\program files\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files\neverwinter_en\neverwinter\live\gameclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2

"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper

"{68BE8BAB-5375-4C99-9116-1808F5968D40}" = COMODO Firewall

"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol

"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc

"Avast" = Avast Free Antivirus

"CCleaner" = CCleaner

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"GIMP-2_is1" = GIMP 2.8.14

"Google Chrome" = Google Chrome

"KeyScrambler" = KeyScrambler

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.4.1018

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Drivers" = NVIDIA Drivers

"SpywareBlaster_is1" = SpywareBlaster 5.0

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24

Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24

Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24

Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24

Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24

Description =

Error - 20/04/2015 19:09:04 | Computer Name = Earth-PC | Source = WinMgmt | ID = 24

Description =

Error - 21/04/2015 17:57:30 | Computer Name = Earth-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 22/04/2015 11:34:06 | Computer Name = Earth-PC | Source = VSS | ID = 8194

Description =

Error - 22/04/2015 11:50:09 | Computer Name = Earth-PC | Source = Perflib | ID = 1010

Description =

Error - 22/04/2015 13:26:40 | Computer Name = Earth-PC | Source = Application Error | ID = 1000

Description = Faulting application gimp-2.8.exe, version 2.8.14.0, time stamp 0x00000000,

faulting module libpixman-1-0.dll, version 0.0.0.0, time stamp 0x3f2e3eab, exception

code 0xc0000005, fault offset 0x0006fc33, process id 0x13d4, application start time

0x01d07d1fbc38130d.

[ System Events ]

Error - 09/04/2015 15:16:39 | Computer Name = Earth-PC | Source = volsnap | ID = 393230

Description = The shadow copies of volume C: were aborted because of an IO failure

on volume C:.

Error - 09/04/2015 15:20:10 | Computer Name = Earth-PC | Source = DCOM | ID = 10005

Description =

Error - 09/04/2015 15:20:11 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 09/04/2015 15:20:11 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 09/04/2015 15:22:13 | Computer Name = Earth-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 20:20:41 on 09/04/2015 was unexpected.

Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7034

Description =

Error - 12/04/2015 18:20:19 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7034

Description =

Error - 12/04/2015 18:20:20 | Computer Name = Earth-PC | Source = Service Control Manager | ID = 7031

Description =

< End of report >

April 22, 2015

Logs above

It says that there is a NDTLL code modification ZwClose does this indicate a kernel modification and a rootkit has installed itself some how?

Thank you

April 22, 2015

ComboFix 15-04-19.01 - Earth 22/04/2015 9:00.1.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.2451 [GMT 1:00]

Running from: c:\users\Earth\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

FW: COMODO Firewall *Disabled* {C8870897-C358-086B-2944-184866CC6D0A}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2015-03-22 to 2015-04-22 )))))))))))))))))))))))))))))))

.

2015-04-22 08:13 . 2015-04-22 08:14 -------- d-----w- c:\users\Earth\AppData\Local\temp

2015-04-22 08:13 . 2015-04-22 08:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-04-21 21:42 . 2015-04-21 21:44 -------- d-----w- C:\AdwCleaner

2015-04-21 21:32 . 2015-04-21 21:32 -------- d-----w- C:\RegBackup

2015-04-20 13:52 . 2015-04-21 08:20 -------- d-----w- C:\FRST

2015-04-20 13:40 . 2015-04-20 13:40 -------- d-----w- C:\VTRoot

2015-04-20 13:40 . 2015-04-20 23:07 3608 ----a-w- c:\windows\system32\drivers\fvstore.dat

2015-04-19 11:22 . 2015-04-19 11:22 -------- d-----w- c:\program files\HitmanPro

2015-04-19 11:22 . 2015-04-19 11:26 -------- d-----w- c:\programdata\HitmanPro

2015-04-17 17:26 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{025D98AE-363B-4870-BCAA-C4B6670A0556}\mpengine.dll

2015-04-14 22:08 . 2015-04-14 22:08 1249280 ----a-w- c:\windows\system32\msxml3.dll

2015-04-14 22:03 . 2015-04-14 22:03 297984 ----a-w- c:\windows\system32\gdi32.dll

2015-04-14 22:03 . 2015-04-14 22:03 57344 ----a-w- c:\windows\system32\clfsw32.dll

2015-04-14 22:03 . 2015-04-14 22:03 244152 ----a-w- c:\windows\system32\clfs.sys

2015-04-14 22:02 . 2015-04-14 22:02 1205168 ----a-w- c:\windows\system32\ntdll.dll

2015-04-14 22:02 . 2015-04-14 22:02 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe

2015-04-14 22:02 . 2015-04-14 22:02 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe

2015-04-05 13:24 . 2015-04-05 13:24 -------- d-----w- c:\users\Earth\AppData\Roaming\QFX Software

2015-04-05 13:24 . 2015-04-05 13:24 -------- d-----w- c:\programdata\QFX Software

2015-04-02 09:42 . 2015-04-02 09:42 -------- d-----w- c:\programdata\NVIDIA Corporation

2015-04-02 09:42 . 2015-04-02 09:43 -------- d-----w- c:\program files\NVIDIA Corporation

2015-03-29 08:34 . 2015-03-29 08:34 453152 ----a-w- c:\windows\system32\nvuninst.exe

2015-03-29 08:34 . 2008-07-08 07:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin

2015-03-26 17:04 . 2015-03-26 17:11 -------- d-----w- c:\users\Earth\AppData\Local\gtk-2.0

2015-03-26 17:04 . 2015-03-26 17:04 -------- d-----w- c:\users\Earth\.thumbnails

2015-03-26 16:36 . 2006-10-13 00:00 61952 ----a-w- c:\windows\system32\escwiad.dll

2015-03-26 16:35 . 2015-03-26 16:36 -------- d-----w- c:\program files\EPSON

2015-03-26 16:34 . 2015-03-26 16:34 64000 ----a-w- c:\windows\system32\E_FBCBADE.DLL

2015-03-26 16:34 . 2015-03-26 16:34 34304 ----a-w- c:\windows\system32\E_FBCHADE.DLL

2015-03-26 16:34 . 2015-03-26 16:34 79679 ----a-w- c:\windows\system32\E_FLMADE.DLL

2015-03-26 16:34 . 2015-03-26 16:34 49152 ----a-w- c:\windows\system32\E_DCINST.DLL

2015-03-26 16:34 . 2015-03-26 16:34 -------- d-----w- c:\programdata\EPSON

2015-03-26 16:18 . 2015-03-26 16:18 -------- d-----w- c:\users\Earth\AppData\Local\fontconfig

2015-03-26 16:18 . 2015-03-26 17:15 -------- d-----w- c:\users\Earth\.gimp-2.8

2015-03-26 16:18 . 2015-03-26 16:18 -------- d-----w- c:\users\Earth\AppData\Local\gegl-0.2

2015-03-26 16:14 . 2015-03-26 16:17 -------- d-----w- c:\program files\GIMP 2

2015-03-26 15:57 . 2015-02-07 03:37 210512 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2015-03-26 15:57 . 2015-03-26 15:57 -------- d-----w- c:\program files\KeyScrambler

2015-03-26 11:59 . 2015-03-26 12:25 -------- d-----w- c:\users\Earth\AppData\Local\Nvidia Corporation

2015-03-26 08:37 . 2015-03-26 08:37 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2015-03-25 21:27 . 2015-03-25 21:27 -------- d-----w- c:\program files\AGEIA Technologies

2015-03-25 12:38 . 2015-03-25 12:38 -------- d-----w- c:\users\Earth\AppData\Local\ElevatedDiagnostics

2015-03-24 00:43 . 2015-03-25 08:00 -------- d-----w- c:\users\Earth\AppData\Roaming\WinPatrol

2015-03-24 00:43 . 2015-03-24 00:43 -------- d-----w- c:\programdata\InstallMate

2015-03-24 00:43 . 2015-03-24 00:43 -------- d-----w- c:\program files\WinPatrol

2015-03-23 20:44 . 2015-03-23 20:44 -------- d-----w- c:\windows\Migration

2015-03-23 20:42 . 2015-03-23 20:41 291312 ----a-w- c:\windows\system32\aswBoot.exe

2015-03-23 20:41 . 2015-03-23 20:41 43112 ----a-w- c:\windows\avastSS.scr

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-04-22 07:26 . 2015-03-22 13:53 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-04-02 09:40 . 2012-02-09 21:43 5892928 ----a-w- c:\windows\system32\nvcuda.dll

2015-04-02 09:40 . 2012-02-09 21:43 2301248 ----a-w- c:\windows\system32\nvapi.dll

2015-04-02 09:40 . 2012-02-09 21:43 17543488 ----a-w- c:\windows\system32\nvcompiler.dll

2015-04-02 09:40 . 2012-02-09 21:43 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll

2015-04-02 09:40 . 2012-02-09 21:43 2517312 ----a-w- c:\windows\system32\nvcuvid.dll

2015-04-02 09:40 . 2012-02-09 21:43 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2015-04-02 09:40 . 2012-02-09 21:43 19443520 ----a-w- c:\windows\system32\nvoglv32.dll

2015-04-02 09:40 . 2012-02-09 21:43 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2015-04-02 09:40 . 2012-02-09 21:43 15009600 ----a-w- c:\windows\system32\nvd3dum.dll

2015-04-01 17:49 . 2015-01-30 12:27 91200 ----a-w- c:\windows\system32\drivers\inspect.sys

2015-04-01 17:49 . 2015-01-30 12:27 40736 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2015-04-01 17:49 . 2015-01-30 12:27 622192 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2015-04-01 17:49 . 2015-01-30 12:27 17088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2015-04-01 17:48 . 2015-01-30 12:27 33520 ----a-w- c:\windows\system32\cmdcsr.dll

2015-04-01 17:48 . 2015-01-30 12:27 444472 ----a-w- c:\windows\system32\guard32.dll

2015-04-01 17:45 . 2015-01-30 12:27 288472 ----a-w- c:\windows\system32\cmdvrt32.dll

2015-04-01 17:45 . 2015-01-30 12:27 40664 ----a-w- c:\windows\system32\cmdkbd32.dll

2015-03-29 08:35 . 2007-07-13 07:18 50688 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys

2015-03-29 08:34 . 2008-08-01 18:51 1052704 ----a-w- c:\windows\system32\drivers\nvmfdx32.sys

2015-03-29 08:34 . 2008-08-01 17:35 207872 ----a-w- c:\windows\system32\fdco6.dll

2015-03-29 08:34 . 2008-07-29 19:33 122880 ----a-w- c:\windows\system32\nvconrm.dll

2015-03-29 08:34 . 2008-09-02 14:03 453152 ----a-w- c:\windows\system32\nvunrm.exe

2015-03-26 16:32 . 2015-03-22 13:13 18944 ----a-w- c:\windows\system32\drivers\usbprint.sys

2015-03-25 21:16 . 2007-08-09 18:12 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys

2015-03-25 21:16 . 2007-08-09 18:03 353280 ----a-w- c:\windows\system32\idecoiins.dll

2015-03-25 21:16 . 2007-08-09 18:03 353280 ----a-w- c:\windows\system32\idecoi.dll

2015-03-25 07:25 . 2015-03-22 19:37 246920 ------w- c:\windows\system32\MpSigStub.exe

2015-03-23 20:41 . 2015-03-22 14:28 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2015-03-23 20:41 . 2015-03-22 14:28 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2015-03-23 20:41 . 2015-03-22 14:28 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys

2015-03-23 20:41 . 2015-03-22 14:28 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2015-03-23 20:41 . 2015-03-22 14:28 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2015-03-23 20:41 . 2015-03-22 14:28 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2015-03-23 20:41 . 2015-03-22 14:28 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2015-03-23 20:40 . 2015-03-22 14:28 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2015-03-22 22:50 . 2015-03-22 22:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2015-03-22 22:50 . 2015-03-22 22:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2015-03-22 22:50 . 2015-03-22 22:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2015-03-22 22:50 . 2015-03-22 22:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2015-03-22 22:50 . 2015-03-22 22:50 189952 ----a-w- c:\windows\system32\d3d10core.dll

2015-03-22 22:50 . 2015-03-22 22:50 798208 ----a-w- c:\windows\system32\FntCache.dll

2015-03-22 22:50 . 2015-03-22 22:50 683008 ----a-w- c:\windows\system32\d2d1.dll

2015-03-22 22:50 . 2015-03-22 22:50 1069056 ----a-w- c:\windows\system32\DWrite.dll

2015-03-22 22:50 . 2015-03-22 22:50 1029120 ----a-w- c:\windows\system32\d3d10.dll

2015-03-22 22:50 . 2015-03-22 22:50 125952 ----a-w- c:\windows\system32\srvsvc.dll

2015-03-22 22:50 . 2015-03-22 22:50 17920 ----a-w- c:\windows\system32\netevent.dll

2015-03-22 22:50 . 2015-03-22 22:50 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui

2015-03-22 22:49 . 2015-03-22 22:49 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2015-03-22 21:45 . 2015-03-22 21:45 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2015-03-22 21:40 . 2015-03-22 21:40 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll

2015-03-22 21:37 . 2004-08-13 09:56 5810 ----a-w- c:\windows\system32\drivers\ASACPI.sys

2015-03-22 21:20 . 2015-03-22 21:20 99480 ----a-w- c:\windows\system32\infocardapi.dll

2015-03-22 21:20 . 2015-03-22 21:20 8856 ----a-w- c:\windows\system32\icardres.dll

2015-03-22 21:20 . 2015-03-22 21:20 619664 ----a-w- c:\windows\system32\icardagt.exe

2015-03-22 21:20 . 2015-03-22 21:20 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe

2015-03-22 21:16 . 2015-03-22 21:16 2064384 ----a-w- c:\windows\system32\win32k.sys

2015-03-22 21:14 . 2015-03-22 21:14 81560 ----a-w- c:\windows\system32\mscories.dll

2015-03-22 21:14 . 2015-03-22 21:14 156824 ----a-w- c:\windows\system32\mscorier.dll

2015-03-22 21:14 . 2015-03-22 21:14 1131664 ----a-w- c:\windows\system32\dfshim.dll

2015-03-22 21:08 . 2015-03-22 21:08 146432 ----a-w- c:\windows\system32\msaudite.dll

2015-03-22 21:08 . 2015-03-22 21:08 619520 ----a-w- c:\windows\system32\adtschema.dll

2015-03-22 21:08 . 2015-03-22 21:08 449536 ----a-w- c:\windows\system32\termsrv.dll

2015-03-22 21:07 . 2015-03-22 21:07 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2015-03-22 21:05 . 2015-03-22 21:05 2048 ----a-w- c:\windows\system32\tzres.dll

2015-03-22 20:58 . 2015-03-22 20:58 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2015-03-22 20:58 . 2015-03-22 20:58 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2015-03-22 20:58 . 2015-03-22 20:58 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2015-03-22 20:55 . 2015-03-22 20:55 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2015-03-22 20:55 . 2015-03-22 20:55 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2015-03-22 20:55 . 2015-03-22 20:55 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2015-03-22 20:55 . 2015-03-22 20:55 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2015-03-22 20:55 . 2015-03-22 20:55 3072 ----a-w- c:\windows\system32\drivers\UMDF\en-US\wpdmtpdr.dll.mui

2015-03-22 20:55 . 2015-03-22 20:55 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2015-03-22 20:55 . 2015-03-22 20:55 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2015-03-22 20:55 . 2015-03-22 20:55 350208 ----a-w- c:\windows\system32\WPDSp.dll

2015-03-22 20:55 . 2015-03-22 20:55 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2015-03-22 20:55 . 2015-03-22 20:55 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2015-03-22 20:55 . 2015-03-22 20:55 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll

2015-03-22 20:55 . 2015-03-22 20:55 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2015-03-22 20:55 . 2015-03-22 20:55 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2015-03-22 20:55 . 2015-03-22 20:55 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2015-03-22 20:39 . 2015-03-22 20:39 2048 ----a-w- c:\windows\system32\msxml3r.dll

2015-03-22 20:34 . 2015-03-22 20:34 499200 ----a-w- c:\windows\system32\kerberos.dll

2015-03-22 20:32 . 2015-03-22 20:32 67072 ----a-w- c:\windows\system32\packager.dll

2015-03-22 20:14 . 2015-03-22 20:14 564224 ----a-w- c:\windows\system32\oleaut32.dll

2015-03-22 20:08 . 2015-03-22 20:08 72704 ----a-w- c:\windows\system32\fontsub.dll

2015-03-22 20:08 . 2015-03-22 20:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2015-03-22 20:08 . 2015-03-22 20:08 296960 ----a-w- c:\windows\system32\atmfd.dll

2015-03-22 20:08 . 2015-03-22 20:08 23552 ----a-w- c:\windows\system32\lpk.dll

2015-03-22 20:08 . 2015-03-22 20:08 10240 ----a-w- c:\windows\system32\dciman32.dll

2015-03-22 20:00 . 2015-03-22 20:00 64000 ----a-w- c:\windows\system32\smss.exe

2015-03-22 20:00 . 2015-03-22 20:00 49152 ----a-w- c:\windows\system32\csrsrv.dll

2015-03-22 19:59 . 2015-03-22 19:59 807936 ----a-w- c:\windows\system32\msctf.dll

2015-03-22 19:57 . 2015-03-22 19:57 729600 ----a-w- c:\windows\system32\IMJP10K.DLL

2015-03-22 19:53 . 2015-03-22 19:53 161792 ----a-w- c:\windows\system32\msls31.dll

2015-03-22 19:53 . 2015-03-22 19:53 86528 ----a-w- c:\windows\system32\iesysprep.dll

2015-03-22 19:53 . 2015-03-22 19:53 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2015-03-22 19:53 . 2015-03-22 19:53 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2015-03-22 19:53 . 2015-03-22 19:53 48640 ----a-w- c:\windows\system32\mshtmler.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2015-03-23 20:40 644608 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinPatrol"="c:\program files\WinPatrol\WinPatrol\winpatrol.exe" [2015-03-24 1160536]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-04-20 1359064]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-23 5512912]

"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2015-03-26 509216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Monitor 4.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk

backup=c:\windows\pss\Device Monitor 4.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]

2015-03-26 16:34 98304 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIADE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-18 23:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-04-17 17:49 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-22 14:28]

.

2015-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-22 14:28]

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2015-04-22 09:14

Windows 6.0.6002 Service Pack 2 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Configurations]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Data]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmdAgent\Mode\Options]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3788)

c:\windows\System32\fwpuclnt.dll

.

Completion time: 2015-04-22 09:18:46

ComboFix-quarantined-files.txt 2015-04-22 08:18

.

Pre-Run: 939,031,236,608 bytes free

Post-Run: 938,947,457,024 bytes free

.

- - End Of File - - 3BD1982572F299BE523FFC9604D2AD86

5C616939100B85E558DA92B899A0FC36

April 21, 2015

All 3 are posted above Maniac

thank you

April 21, 2015

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 21/04/2015

Scan Time: 22:48:56

Logfile: mbam.txt

Administrator: Yes

Version: 2.01.4.1018

Malware Database: v2015.04.21.06

Rootkit Database: v2015.04.21.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows Vista Service Pack 2

CPU: x86

File System: NTFS

User: Earth

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 285893

Time Elapsed: 8 min, 32 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

April 21, 2015

# AdwCleaner v4.201 - Logfile created 21/04/2015 at 22:44:56

# Updated 08/04/2015 by Xplode

# Database : 2015-04-08.1 [Local]

# Operating system : Windows Vista Home Premium Service Pack 2 (x86)

# Username : Earth - EARTH-PC

# Running from : C:\Users\Earth\Desktop\adwcleaner_4.201.exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16636

-\\ Google Chrome v42.0.2311.90

[C:\Users\Earth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R1].txt - [897 bytes] - [21/04/2015 22:42:14]

AdwCleaner[s1].txt - [825 bytes] - [21/04/2015 22:44:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [883 bytes] ##########

April 21, 2015

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.6.0 (04.20.2015:1)

OS: Windows Vista Home Premium x86

Ran by Earth on 21/04/2015 at 22:32:44.63

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21/04/2015 at 22:39:44.48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

April 21, 2015

The log is above.

It is still trying to dial out here's a log from Mbam

Detection, 21/04/2015 20:28:02, SYSTEM, EARTH-PC, Protection, Malicious Website Protection, IP, 50.22.218.160, qone8.com, 0, Outbound,

April 21, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015

Ran by Earth at 2015-04-21 09:20:00 Run:1

Running from C:\Users\Earth\Desktop

Loaded Profiles: Earth (Available profiles: Earth)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

==== End of Fixlog 09:20:00 ====

April 21, 2015

Thank you for your help I will do all this now. Will I be able to re-add MVP hosts file? or is something wrong with it on the main site?

April 20, 2015

Thanks guy's I will look into your suggestions, I only want to play with them not for any reason other than I have never used them before.

Privacy shouldn't be an issue as I will set a second email up and send them to my self lol

All the best

Paul

April 20, 2015

I'm thinking of using http://www.getsidekick.com/e-mail tracker I'm new to them does anyone know any of any better software that tracks your e-mail safely to it's destination and tells you when its been opened and by who. It's more just to play with than anything.

Thanks

April 20, 2015

I kept getting "you can't post as you added it to quickly" and "post to long" would be easier and quicker to add as a zip

April 20, 2015

C:\Windows\system32\NlsData0047.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0046.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0045.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0039.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 03104768 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0020.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0011.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 02643456 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000c.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 02599936 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0001.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 02342912 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000d.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0007.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01966592 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0027.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0c1a.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData081a.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0026.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0024.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001b.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001a.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0018.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData000f.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0003.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01965056 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0002.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01801216 _____ (Microsoft Corporation) C:\Windows\system32\NlsData003e.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01801216 _____ (Microsoft Corporation) C:\Windows\system32\NlsData002a.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01801216 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0022.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01801216 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0021.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01523712 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0000.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm60.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\netprof.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL

2015-03-22 14:13 - 2008-01-19 00:35 - 00475648 _____ (Microsoft Corporation) C:\Windows\system32\msidcrl30.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL

2015-03-22 14:13 - 2008-01-19 00:35 - 00386560 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\mycomput.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\msoeacct.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\mssha.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\msrdc.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\nlmgp.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\NAPMONTR.DLL

2015-03-22 14:13 - 2008-01-19 00:35 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\ndfapi.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\msoert2.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\msident.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\NapiNSP.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\mspatcha.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\napipsec.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\ndfetw.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\mtxlegih.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Nlsdl.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\mtxdm.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\msidle.dll

2015-03-22 14:13 - 2008-01-19 00:35 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 01039360 _____ (Microsoft Corporation) C:\Windows\system32\d3d8.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\d3dim700.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\colorui.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00614400 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\ddraw.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\filemgmt.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00415232 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\dsquery.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\dmdlgs.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\d3dim.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\msdtckrm.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\msdelta.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\CompatUI.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\dot3gpui.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\comsnap.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\msdtcuiu.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\msdt.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\mdminst.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\lltdsvc.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\mlang.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\dmdskmgr.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\els.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\dmime.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\dsdmo.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\msdadiag.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\dinput8.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\keymgr.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\icsfiltr.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\dbnetlib.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\McxDriv.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\msdart.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\mprmsg.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\msaatext.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\loadperf.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\comrepl.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\msdtclog.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\efsadu.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dskquota.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\dmscript.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\IPBusEnum.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msacm32.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\loghours.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\GuidedHelp.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\EAPQEC.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\HelpPaneProxy.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\DHCPQEC.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\dxva2.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\colbact.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\eapsvc.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\fwcfg.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\l2gpstore.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\DfsShlEx.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\d3dxof.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\dnshc.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\dot3dlg.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\mmcss.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dssec.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\dot3gpclnt.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\dmocx.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dfdts.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\dmloader.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\esentprf.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\dispci.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\dimsjob.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lltdapi.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\mfcsubs.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\cofiredm.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\idndl.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\LangCleanupSysprepAction.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\ias.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\dmutil.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\hnetmon.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\localui.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\fdPHost.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\KBDJPN.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\KBDKOR.DLL

2015-03-22 14:13 - 2008-01-19 00:34 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iscsied.dll

2015-03-22 14:13 - 2008-01-19 00:34 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 08139264 _____ (Microsoft Corporation) C:\Windows\system32\ssBranded.scr

2015-03-22 14:13 - 2008-01-19 00:33 - 05714432 _____ (Microsoft Corporation) C:\Windows\system32\logon.scr

2015-03-22 14:13 - 2008-01-19 00:33 - 02585088 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 01405952 _____ (Microsoft Corporation) C:\Windows\system32\ActiveContentWizard.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00879616 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr

2015-03-22 14:13 - 2008-01-19 00:33 - 00805888 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx

2015-03-22 14:13 - 2008-01-19 00:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\clbcatq.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00520704 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWGP.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00498176 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00485376 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\catsrv.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\shrpubw.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\cmipnpinstall.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr

2015-03-22 14:13 - 2008-01-19 00:33 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\NAPSTAT.EXE

2015-03-22 14:13 - 2008-01-19 00:33 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\adsnt.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00251904 _____ (Microsoft Corporation) C:\Windows\system32\authfwcfg.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\audiodev.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00226816 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr

2015-03-22 14:13 - 2008-01-19 00:33 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr

2015-03-22 14:13 - 2008-01-19 00:33 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\apircl.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgrade.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\WinFXDocObj.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\activeds.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\apss.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\p2phost.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\adsldp.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax

2015-03-22 14:13 - 2008-01-19 00:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax

2015-03-22 14:13 - 2008-01-19 00:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00163840 _____ (Microsoft Corp.) C:\Windows\system32\DfrgNtfs.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msdt.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\raserver.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\DpiScaling.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\CompMgmtLauncher.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax

2015-03-22 14:13 - 2008-01-19 00:33 - 00134656 _____ (Microsoft Corporation) C:\Windows\regedit.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\SoundRecorder.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\mtstocom.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\dispdiag.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\verifier.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\msscript.ocx

2015-03-22 14:13 - 2008-01-19 00:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\msdtc.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE

2015-03-22 14:13 - 2008-01-19 00:33 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayApi.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\makecab.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\OptionalFeatures.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00096768 _____ (Microsoft Corp.) C:\Windows\system32\dfrgfat.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\diantz.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\vssadmin.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\esentutl.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\btpanui.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\wiaacmgr.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\dmview.ocx

2015-03-22 14:13 - 2008-01-19 00:33 - 00087552 _____ (Microsoft) C:\Windows\system32\Robocopy.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TpmInit.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\setupugc.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\bootcfg.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\ACW.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\systeminfo.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wlanext.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\cmdl32.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax

2015-03-22 14:13 - 2008-01-19 00:33 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\DFDWiz.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\cmifw.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\MuiUnattend.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\driverquery.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\getmac.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\cmicryptinstall.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\alg.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\dfrgifc.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00058880 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\extrac32.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\expand.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\brcplsdw.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\gacinstall.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\net.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\bcdprov.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\cmutil.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\ucsvc.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax

2015-03-22 14:13 - 2008-01-19 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\regini.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax

2015-03-22 14:13 - 2008-01-19 00:33 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\lodctr.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\lnkstub.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\rasphone.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\xcopy.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\ComputerDefaults.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\SecEdit.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\waitfor.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\RpcPing.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\unlodctr.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\cmlua.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax

2015-03-22 14:13 - 2008-01-19 00:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\cmcfg32.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rdrleakdiag.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\shutdown.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\unattendedjoin.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\AtBroker.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\syskey.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\sxstrace.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\icacls.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\cmpbk32.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Netplwiz.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\netcfg.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\cacls.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\at.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\netiougc.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\svchost.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\RacAgent.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\vdsldr.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\capisp.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sfc.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\PING.EXE

2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\nbtstat.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\bridgeunattend.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\cmstplua.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\ktmutil.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\icsunattend.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\setupSNK.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mountvol.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\fveupdate.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\batt.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\avrt.dll

2015-03-22 14:13 - 2008-01-19 00:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\sbunattend.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\InfDefaultInstall.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe

2015-03-22 14:13 - 2008-01-19 00:33 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\csrss.exe

2015-03-22 14:13 - 2008-01-19 00:32 - 02249216 _____ (Microsoft Corporation) C:\Windows\system32\Firewall.cpl

2015-03-22 14:13 - 2008-01-19 00:32 - 01370624 _____ (Microsoft Corporation) C:\Windows\system32\Aurora.scr

2015-03-22 14:13 - 2008-01-19 00:32 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl

2015-03-22 14:13 - 2008-01-19 00:32 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\joy.cpl

2015-03-22 14:13 - 2008-01-19 00:32 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl

2015-03-22 14:13 - 2008-01-19 00:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl

2015-03-22 14:13 - 2008-01-19 00:32 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl

2015-03-22 14:13 - 2008-01-19 00:32 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl

2015-03-22 14:13 - 2008-01-19 00:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll

2015-03-22 14:13 - 2008-01-19 00:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll

2015-03-22 14:13 - 2008-01-19 00:31 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll

2015-03-22 14:13 - 2008-01-19 00:29 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\imagesp1.dll

2015-03-22 14:13 - 2008-01-19 00:29 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-22 14:13 - 2008-01-18 23:01 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll

2015-03-22 14:13 - 2008-01-18 23:01 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys

2015-03-22 14:13 - 2008-01-18 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys

2015-03-22 14:13 - 2008-01-18 23:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\tsddd.dll

2015-03-22 14:13 - 2008-01-18 23:01 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys

2015-03-22 14:13 - 2008-01-18 23:01 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys

2015-03-22 14:13 - 2008-01-18 22:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys

2015-03-22 14:13 - 2008-01-18 22:57 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys

2015-03-22 14:13 - 2008-01-18 22:57 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys

2015-03-22 14:13 - 2008-01-18 22:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys

2015-03-22 14:13 - 2008-01-18 22:55 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys

2015-03-22 14:13 - 2008-01-18 22:55 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys

2015-03-22 14:13 - 2008-01-18 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys

2015-03-22 14:13 - 2008-01-18 22:55 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys

2015-03-22 14:13 - 2008-01-18 22:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys

2015-03-22 14:13 - 2008-01-18 22:55 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys

2015-03-22 14:13 - 2008-01-18 22:55 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS

2015-03-22 14:13 - 2008-01-18 22:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys

2015-03-22 14:13 - 2008-01-18 22:54 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys

2015-03-22 14:13 - 2008-01-18 22:53 - 00053376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys

2015-03-22 14:13 - 2008-01-18 22:53 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys

2015-03-22 14:13 - 2008-01-18 22:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bdasup.sys

2015-03-22 14:13 - 2008-01-18 22:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys

2015-03-22 14:13 - 2008-01-18 22:53 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys

2015-03-22 14:13 - 2008-01-18 22:52 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys

2015-03-22 14:13 - 2008-01-18 22:52 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\vga256.dll

2015-03-22 14:13 - 2008-01-18 22:52 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys

2015-03-22 14:13 - 2008-01-18 22:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys

2015-03-22 14:13 - 2008-01-18 22:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys

2015-03-22 14:13 - 2008-01-18 22:52 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\vga64k.dll

2015-03-22 14:13 - 2008-01-18 22:52 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\framebuf.dll

2015-03-22 14:13 - 2008-01-18 22:52 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\vga.dll

2015-03-22 14:13 - 2008-01-18 22:50 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parvdm.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00005504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys

2015-03-22 14:13 - 2008-01-18 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\dmdskres2.dll

2015-03-22 14:13 - 2008-01-18 22:48 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\comres.dll

2015-03-22 14:13 - 2008-01-18 22:48 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\msdtcVSp1res.dll

2015-03-22 14:13 - 2008-01-18 22:45 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs

2015-03-22 14:13 - 2008-01-18 22:45 - 00016896 _____ (Microsoft) C:\Windows\system32\grb.rs

2015-03-22 14:13 - 2008-01-18 22:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\activeds.tlb

2015-03-22 14:13 - 2008-01-18 22:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\wertargets.wtl

2015-03-22 14:13 - 2008-01-18 22:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys

2015-03-22 14:13 - 2008-01-18 22:33 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\graftabl.com

2015-03-22 14:13 - 2008-01-18 22:31 - 08322048 _____ (Microsoft Corporation) C:\Windows\system32\spwizimg.dll

2015-03-22 14:13 - 2008-01-18 22:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys

2015-03-22 14:13 - 2008-01-18 22:30 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys

2015-03-22 14:13 - 2008-01-18 22:28 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys

2015-03-22 14:13 - 2008-01-18 22:28 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys

2015-03-22 14:13 - 2008-01-18 22:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys

2015-03-22 14:13 - 2008-01-18 22:27 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\bootstr.dll

2015-03-22 14:13 - 2008-01-05 04:34 - 00015181 _____ () C:\Windows\system32\gatherWirelessInfo.vbs

2015-03-22 14:13 - 2008-01-05 04:32 - 00001820 _____ () C:\Windows\system32\rasctrnm.h

2015-03-22 14:13 - 2008-01-05 04:31 - 00145455 _____ () C:\Windows\system32\perfmon.msc

2015-03-22 14:13 - 2008-01-05 04:23 - 00060124 _____ () C:\Windows\system32\tcpmon.ini

2015-03-22 14:13 - 2008-01-05 04:22 - 00144909 _____ () C:\Windows\system32\fsmgmt.msc

2015-03-22 14:13 - 2008-01-05 04:21 - 00012198 _____ () C:\Windows\system32\gatherWiredInfo.vbs

2015-03-22 14:12 - 2007-12-06 05:04 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll

2015-03-22 14:10 - 2015-03-22 14:20 - 00327680 _____ () C:\Windows\SPInstall.etl

2015-03-22 14:02 - 2015-04-02 10:42 - 00000000 ____D () C:\Users\Earth

2015-03-22 14:02 - 2015-04-02 10:41 - 00001356 _____ () C:\Users\Earth\AppData\Local\d3d9caps.dat

2015-03-22 14:02 - 2015-03-25 10:07 - 00000944 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-22 14:02 - 2015-03-22 23:01 - 00049168 _____ () C:\Users\Earth\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-22 14:02 - 2015-03-22 23:00 - 00000949 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-03-22 14:02 - 2015-03-22 14:50 - 00000915 _____ () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

2015-03-22 14:02 - 2015-03-22 14:02 - 00000020 ___SH () C:\Users\Earth\ntuser.ini

2015-03-22 14:02 - 2015-03-22 14:02 - 00000000 ____D () C:\Users\Earth\AppData\Local\VirtualStore

2015-03-22 14:02 - 2006-11-02 13:54 - 00000000 ___RD () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-22 14:02 - 2006-11-02 13:50 - 00000000 ___RD () C:\Users\Earth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 13:54 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-20 13:54 - 2006-11-02 13:47 - 00004448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-20 10:57 - 2006-11-02 13:52 - 00658187 _____ () C:\Windows\WindowsUpdate.log

2015-04-20 08:00 - 2006-11-02 11:33 - 00844736 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-20 07:54 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-19 23:19 - 2006-11-02 14:01 - 00026268 _____ () C:\Windows\Tasks\SCHEDLGU.TXT