Solved Is malware making IE to stop working?

Discussion in 'Malware and Virus Removal' started by BOBBO, 2017/05/22.

  1. 2017/05/22
    BOBBO Geek Member Thread Starter

    Can malware be causing this problem? Before I submitted my initial post in the Internet Explorer forum here, I ran a Norton A-V scan and it came up clean. TonyT, of the IE forum, advised me to check in here. Here's what I posted there:

    When my wife tries to open Internet Explorer she gets an error message that IE has stopped working. In the probable details window she gets this:


    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: IEXPLORE.EXE
    Application Version: 11.0.9600.18666
    Application Timestamp: 58f30f27
    Fault Module Name: StackHash_0a9e
    Fault Module Version: 0.0.0.0
    Fault Module Timestamp: 00000000
    Exception Code: 80000003
    Exception Offset: 003b0d06
    OS Version: 6.1.7601.2.1.0.768.3
    Locale ID: 1033
    Additional Information 1: 0a9e
    Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
    Additional Information 3: 0a9e
    Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

    Does anything in the above suggest a malware problem?
     
  2. 2017/05/22
    broni Moderator Malware Analyst

    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     

  4. 2017/05/22
    BOBBO Geek Member Thread Starter

    Here's some of the first part of the log, there's another section, called "Additional," that I'll post in a bit.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
    Ran by Gayle (administrator) on GAYLE-PC (22-05-2017 19:36:10)
    Running from C:\Downloads\Temporary
    Loaded Profiles: UpdatusUser & Gayle (Available Profiles: UpdatusUser & Gayle)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (COMODO) C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdagent.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (COMODO) C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\nav.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (COMODO) C:\Program Files (x86)\COMODO\COMODO Internet Security\cavwp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
    (COMODO) C:\Program Files (x86)\COMODO\COMODO Internet Security\cis.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\nav.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
    HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe [1487552 2017-04-22] (COMODO)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-29] (Apple Inc.)
    HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
    HKLM-x32\...\Run: [Easy Dock] => [X]
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-21] (Apple Inc.)
    HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-29] (COMODO)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2016-05-18] (Dell)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\...\MountPoints2: {ef4bdcfa-1f1a-11e0-8341-806e6f6e6963} - D:\Welcome.exe
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [Easy Dock] => C:\Users\Gayle\Documents\RCA easyRip\EZDock.exe
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [EPSON NX510 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2017-03-02] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [Google Update] => C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-29] (Apple Inc.)
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [EPSON NX510 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2017-03-02] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2017-03-29] (Apple Inc.)
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
    AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll [942792 2017-04-22] (COMODO)
    AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
    ShellExecuteHooks: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
    ShellExecuteHooks-x32: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-06] (Dropbox, Inc.)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{3936588A-D1D7-4D78-B4FC-58D5243BF6B1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{CDD9580C-C199-4B92-A620-4A29EAFA4D8D}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    SearchScopes: HKLM -> DefaultScope {11D0BC6C-D8A3-4D49-A224-55C2A6F7665B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {11D0BC6C-D8A3-4D49-A224-55C2A6F7665B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {2BAF436E-4041-42B3-91B5-CEBE04B2855E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2BAF436E-4041-42B3-91B5-CEBE04B2855E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-19 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}**
    SearchScopes: HKU\S-1-5-20 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}**
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1000 -> DefaultScope {8B21A7F3-5020-4A72-B47B-C23A1F41F86A} URL = hxxp://findgala.com/?&uid=289&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1000 -> {2BAF436E-4041-42B3-91B5-CEBE04B2855E} URL =
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1000 -> {8B21A7F3-5020-4A72-B47B-C23A1F41F86A} URL = hxxp://findgala.com/?&uid=289&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> DefaultScope {ED1C8FFB-0094-4EAA-BB0C-583683CBAE34} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=201117&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> 36F5A7AFCFAA46FAA7BD4DD8AEDFF22E URL = hxxp://findgala.com/?&uid=289&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {11D0BC6C-D8A3-4D49-A224-55C2A6F7665B} URL =
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {2BAF436E-4041-42B3-91B5-CEBE04B2855E} URL =
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {8B21A7F3-5020-4A72-B47B-C23A1F41F86A} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22.9.1.12&locale=en_US&guid=44FBC554-8413-4443-8A18-ECC4A08D6C4A&doi=2016-09-01&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {ED1C8FFB-0094-4EAA-BB0C-583683CBAE34} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=201117&p={searchTerms}
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll [2013-11-11] (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-11] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04] (Oracle Corporation)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll [2013-11-11] (Microsoft Corporation.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-11] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2010-09-14] (Belarc, Inc.)
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)

    FireFox:
    ========
    FF DefaultProfile: 1syerixe.default
    FF ProfilePath: C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default [2017-05-22]
    FF Homepage: Mozilla\SeaMonkey\Profiles\1syerixe.default -> hxxp://www.google.com
    FF NetworkProxy: Mozilla\SeaMonkey\Profiles\1syerixe.default -> share_proxy_settings", true
    FF Extension: (DOM Inspector) - C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default\Extensions\inspector@mozilla.org.xpi [2016-05-16] [not signed]
    FF Extension: (ChatZilla) - C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2016-05-16] [not signed]
    FF Extension: (JavaScript Debugger) - C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-04-29] [not signed]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon [2017-05-22]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-04] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2002-10-29] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3812855668-3064132733-4185535367-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3812855668-3064132733-4185535367-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://search.yahoo.com/?type=201117&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=201117&fr=yo-yhp-ch","hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP","hxxp://www.google.com"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=201117&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo.com search
    CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Profile: C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
    CHR Extension: (YouTube) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-29]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-04-29]
    CHR Extension: (Google Search) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-30]
    CHR Extension: (Norton Identity Safe) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]
    CHR Extension: (Skype) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-04-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-29]
    CHR Extension: (Gmail) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-30]
    CHR Extension: (Chrome Media Router) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-22]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-22]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-21] (Apple Inc.)
    R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-06-08] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdagent.exe [10512032 2017-04-22] (COMODO)
    S3 cmdvirth; C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-22] (COMODO)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-29] (COMODO)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
    R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\NAV.exe [326160 2017-05-11] (Symantec Corporation)
    S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\BASHDefs\20170518.001\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
    R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1609030.00D\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-03-28] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [848736 2017-03-28] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-03-28] (COMODO)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-10] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-10] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\IPSDefs\20170522.003\IDSvia64.sys [1053824 2017-05-22] (Symantec Corporation)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [119392 2017-03-28] (COMODO)
    R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-03-29] (COMODO)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
    R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1609030.00D\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1609030.00D\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NAVx64\1609030.00D\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-22] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1609030.00D\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1609030.00D\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\SDSDefs\20170508.001\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\SDSDefs\20170508.001\NAVEX15.SYS [X]
    S3 NVHDA; system32\drivers\nvhda64v.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  5. 2017/05/22
    BOBBO

    Here's the next batch:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
    Ran by Gayle (administrator) on GAYLE-PC (22-05-2017 19:36:10)
    Running from C:\Downloads\Temporary
    Loaded Profiles: UpdatusUser & Gayle (Available Profiles: UpdatusUser & Gayle)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (COMODO) C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdagent.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (COMODO) C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\nav.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (COMODO) C:\Program Files (x86)\COMODO\COMODO Internet Security\cavwp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
    (COMODO) C:\Program Files (x86)\COMODO\COMODO Internet Security\cis.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\nav.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-14] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
    HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe [1487552 2017-04-22] (COMODO)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-29] (Apple Inc.)
    HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
    HKLM-x32\...\Run: [Easy Dock] => [X]
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-21] (Apple Inc.)
    HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-29] (COMODO)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2016-05-18] (Dell)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\...\MountPoints2: {ef4bdcfa-1f1a-11e0-8341-806e6f6e6963} - D:\Welcome.exe
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [Easy Dock] => C:\Users\Gayle\Documents\RCA easyRip\EZDock.exe
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [EPSON NX510 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2017-03-02] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [Google Update] => C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-29] (Apple Inc.)
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Run: [EPSON NX510 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE [223232 2017-03-02] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2017-03-29] (Apple Inc.)
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
    AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll [942792 2017-04-22] (COMODO)
    AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
    ShellExecuteHooks: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
    ShellExecuteHooks-x32: No Name - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> No File
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-06] (Dropbox, Inc.)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{3936588A-D1D7-4D78-B4FC-58D5243BF6B1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{CDD9580C-C199-4B92-A620-4A29EAFA4D8D}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    SearchScopes: HKLM -> DefaultScope {11D0BC6C-D8A3-4D49-A224-55C2A6F7665B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {11D0BC6C-D8A3-4D49-A224-55C2A6F7665B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {2BAF436E-4041-42B3-91B5-CEBE04B2855E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2BAF436E-4041-42B3-91B5-CEBE04B2855E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-19 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}**
    SearchScopes: HKU\S-1-5-20 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}**
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1000 -> DefaultScope {8B21A7F3-5020-4A72-B47B-C23A1F41F86A} URL = hxxp://findgala.com/?&uid=289&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1000 -> {2BAF436E-4041-42B3-91B5-CEBE04B2855E} URL =
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1000 -> {8B21A7F3-5020-4A72-B47B-C23A1F41F86A} URL = hxxp://findgala.com/?&uid=289&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> DefaultScope {ED1C8FFB-0094-4EAA-BB0C-583683CBAE34} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=201117&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> 36F5A7AFCFAA46FAA7BD4DD8AEDFF22E URL = hxxp://findgala.com/?&uid=289&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {11D0BC6C-D8A3-4D49-A224-55C2A6F7665B} URL =
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {2BAF436E-4041-42B3-91B5-CEBE04B2855E} URL =
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {8B21A7F3-5020-4A72-B47B-C23A1F41F86A} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=US&ver=22.9.1.12&locale=en_US&guid=44FBC554-8413-4443-8A18-ECC4A08D6C4A&doi=2016-09-01&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> {ED1C8FFB-0094-4EAA-BB0C-583683CBAE34} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=201117&p={searchTerms}
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll [2013-11-11] (Microsoft Corporation.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-11] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04] (Oracle Corporation)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll [2013-11-11] (Microsoft Corporation.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-11] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2010-09-14] (Belarc, Inc.)
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)

    FireFox:
    ========
    FF DefaultProfile: 1syerixe.default
    FF ProfilePath: C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default [2017-05-22]
    FF Homepage: Mozilla\SeaMonkey\Profiles\1syerixe.default -> hxxp://www.google.com
    FF NetworkProxy: Mozilla\SeaMonkey\Profiles\1syerixe.default -> share_proxy_settings", true
    FF Extension: (DOM Inspector) - C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default\Extensions\inspector@mozilla.org.xpi [2016-05-16] [not signed]
    FF Extension: (ChatZilla) - C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2016-05-16] [not signed]
    FF Extension: (JavaScript Debugger) - C:\Users\Gayle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1syerixe.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-04-29] [not signed]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon [2017-05-22]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-04] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2002-10-29] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3812855668-3064132733-4185535367-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3812855668-3064132733-4185535367-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://search.yahoo.com/?type=201117&fr=yo-yhp-ch
    CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=201117&fr=yo-yhp-ch","hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP","hxxp://www.google.com"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=201117&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo.com search
    CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Profile: C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
    CHR Extension: (YouTube) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-29]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-04-29]
    CHR Extension: (Google Search) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-30]
    CHR Extension: (Norton Identity Safe) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]
    CHR Extension: (Skype) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-04-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-29]
    CHR Extension: (Gmail) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-30]
    CHR Extension: (Chrome Media Router) - C:\Users\Gayle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-22]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-22]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

    ==================== Services (Whitelisted) ====================
     
  6. 2017/05/22
    BOBBO

    Here's the third batch:

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-21] (Apple Inc.)
    R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-06-08] (Microsoft Corporation)
    R2 CmdAgent; C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdagent.exe [10512032 2017-04-22] (COMODO)
    S3 cmdvirth; C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-22] (COMODO)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-29] (COMODO)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
    R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\NAV.exe [326160 2017-05-11] (Symantec Corporation)
    S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\BASHDefs\20170518.001\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
    R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1609030.00D\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-03-28] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [848736 2017-03-28] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-03-28] (COMODO)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-10] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-10] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\IPSDefs\20170522.003\IDSvia64.sys [1053824 2017-05-22] (Symantec Corporation)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [119392 2017-03-28] (COMODO)
    R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-03-29] (COMODO)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
    R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1609030.00D\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1609030.00D\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NAVx64\1609030.00D\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-22] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1609030.00D\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1609030.00D\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\SDSDefs\20170508.001\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.0.124\Definitions\SDSDefs\20170508.001\NAVEX15.SYS [X]
    S3 NVHDA; system32\drivers\nvhda64v.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  7. 2017/05/22
    BOBBO

    Here's the fourth batch:

     
  8. 2017/05/22
    BOBBO

    Here's the fifth batch:

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-22 19:35 - 2017-05-22 19:36 - 00000000 ____D C:\FRST
    2017-05-22 19:34 - 2017-05-22 19:34 - 00001096 _____ C:\Users\Gayle\Desktop\FRST64.lnk
    2017-05-22 19:34 - 2017-05-22 19:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-05-22 15:52 - 2017-05-22 15:52 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-05-22 14:14 - 2017-05-22 14:14 - 00003110 _____ C:\Windows\System32\Tasks\{A8BAC8BE-8DF9-4BE5-817B-450CE71BD6ED}
    2017-05-22 13:12 - 2017-05-22 13:12 - 00003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2017-05-09 11:38 - 2017-04-27 18:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-05-09 11:38 - 2017-04-26 07:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-05-09 11:38 - 2017-04-19 17:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-05-09 11:38 - 2017-04-19 16:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-05-09 11:38 - 2017-04-17 08:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-05-09 11:38 - 2017-04-16 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-05-09 11:38 - 2017-04-16 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-05-09 11:38 - 2017-04-16 01:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-05-09 11:38 - 2017-04-16 01:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-05-09 11:38 - 2017-04-16 01:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-05-09 11:38 - 2017-04-16 01:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-05-09 11:38 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-05-09 11:38 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-05-09 11:38 - 2017-04-16 01:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-05-09 11:38 - 2017-04-16 01:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-05-09 11:38 - 2017-04-16 01:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-05-09 11:38 - 2017-04-16 01:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-05-09 11:38 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-05-09 11:38 - 2017-04-16 01:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-05-09 11:38 - 2017-04-16 01:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-05-09 11:38 - 2017-04-16 01:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-05-09 11:38 - 2017-04-16 01:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-05-09 11:38 - 2017-04-16 01:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-05-09 11:38 - 2017-04-16 01:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-05-09 11:38 - 2017-04-16 01:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-05-09 11:38 - 2017-04-16 01:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-05-09 11:38 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-05-09 11:38 - 2017-04-16 01:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-05-09 11:38 - 2017-04-16 01:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-05-09 11:38 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-05-09 11:38 - 2017-04-16 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-05-09 11:38 - 2017-04-16 01:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-05-09 11:38 - 2017-04-16 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-05-09 11:38 - 2017-04-16 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-05-09 11:38 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-05-09 11:38 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-05-09 11:38 - 2017-04-16 00:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-05-09 11:38 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-05-09 11:38 - 2017-04-16 00:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-05-09 11:38 - 2017-04-16 00:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-05-09 11:38 - 2017-04-16 00:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-05-09 11:38 - 2017-04-16 00:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-05-09 11:38 - 2017-04-16 00:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-05-09 11:38 - 2017-04-16 00:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-05-09 11:38 - 2017-04-16 00:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-05-09 11:38 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-05-09 11:38 - 2017-04-16 00:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-05-09 11:38 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-05-09 11:38 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-05-09 11:38 - 2017-04-16 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-05-09 11:38 - 2017-04-16 00:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-05-09 11:38 - 2017-04-16 00:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-05-09 11:38 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-05-09 11:38 - 2017-04-16 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-05-09 11:38 - 2017-04-16 00:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-05-09 11:38 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-05-09 11:38 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-05-09 11:38 - 2017-04-16 00:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-05-09 11:38 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-05-09 11:38 - 2017-04-16 00:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-05-09 11:38 - 2017-04-16 00:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-05-09 11:38 - 2017-04-16 00:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-05-09 11:38 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-05-09 11:38 - 2017-04-16 00:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-05-09 11:38 - 2017-04-16 00:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-05-09 11:38 - 2017-04-15 23:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-05-09 11:38 - 2017-04-15 23:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-05-09 11:38 - 2017-04-15 23:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-05-09 11:38 - 2017-04-15 23:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-05-09 11:38 - 2017-04-15 23:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-05-09 11:38 - 2017-04-15 23:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-05-09 11:37 - 2017-04-27 18:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-05-09 11:37 - 2017-04-27 18:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-05-09 11:37 - 2017-04-27 18:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-05-09 11:37 - 2017-04-27 18:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-05-09 11:37 - 2017-04-27 18:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-05-09 11:37 - 2017-04-27 18:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-05-09 11:37 - 2017-04-27 17:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-05-09 11:37 - 2017-04-27 17:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-05-09 11:37 - 2017-04-27 17:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-05-09 11:37 - 2017-04-27 17:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-05-09 11:37 - 2017-04-27 17:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-05-09 11:37 - 2017-04-27 17:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-05-09 11:37 - 2017-04-27 17:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-05-09 11:37 - 2017-04-27 17:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-05-09 11:37 - 2017-04-27 17:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-05-09 11:37 - 2017-04-27 17:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-05-09 11:37 - 2017-04-27 17:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-05-09 11:37 - 2017-04-27 17:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-05-09 11:37 - 2017-04-27 17:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-05-09 11:37 - 2017-04-27 17:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-05-09 11:37 - 2017-04-27 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-05-09 11:37 - 2017-04-27 17:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-05-09 11:37 - 2017-04-27 17:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-05-09 11:37 - 2017-04-27 17:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-05-09 11:37 - 2017-04-27 17:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-27 17:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-05-09 11:37 - 2017-04-21 08:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
    2017-05-09 11:37 - 2017-04-21 08:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2017-05-09 11:37 - 2017-04-17 08:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2017-05-09 11:37 - 2017-04-17 08:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2017-05-09 11:37 - 2017-04-17 08:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2017-05-09 11:37 - 2017-04-17 08:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2017-05-09 11:37 - 2017-04-17 08:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-05-09 11:37 - 2017-04-17 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2017-05-09 11:37 - 2017-04-17 08:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
    2017-05-09 11:37 - 2017-04-17 07:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
    2017-05-09 11:37 - 2017-04-12 08:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2017-05-09 11:37 - 2017-04-12 08:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2017-05-09 11:37 - 2017-04-12 08:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2017-05-09 11:37 - 2017-04-12 08:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2017-05-09 11:37 - 2017-04-12 08:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2017-05-09 11:37 - 2017-04-12 08:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2017-05-09 11:37 - 2017-04-12 08:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2017-05-09 11:37 - 2017-04-12 08:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2017-05-09 11:37 - 2017-04-07 08:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-05-09 11:37 - 2017-04-07 08:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-05-09 11:37 - 2017-04-07 08:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-05-09 11:37 - 2017-04-07 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-05-09 11:37 - 2017-04-07 08:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-05-09 11:37 - 2017-04-05 07:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-05-09 11:37 - 2017-04-05 07:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-05-09 11:37 - 2017-04-05 07:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-05-09 11:37 - 2017-04-04 08:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2017-05-09 11:37 - 2017-04-04 08:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2017-05-09 11:37 - 2017-04-04 08:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2017-05-09 11:37 - 2017-04-04 07:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2017-05-09 11:37 - 2017-04-04 07:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2017-05-07 07:32 - 2017-05-07 07:32 - 00000000 ___HD C:\OneDriveTemp
    2017-05-04 15:27 - 2017-05-04 15:27 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2017-05-04 15:27 - 2017-05-04 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-05-04 14:13 - 2017-05-04 14:13 - 00001357 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
    2017-05-04 14:00 - 2017-05-04 14:00 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    2017-05-04 13:38 - 2017-05-04 13:38 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2017-05-04 13:38 - 2017-05-04 13:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2017-05-04 13:38 - 2017-05-04 13:38 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2017-05-04 13:38 - 2017-05-04 13:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2017-05-04 13:38 - 2017-05-04 13:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2017-05-04 13:30 - 2017-03-10 09:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
    2017-05-04 13:30 - 2017-03-10 09:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
    2017-05-04 13:30 - 2017-03-10 09:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
    2017-05-04 13:30 - 2017-03-10 09:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
    2017-05-04 13:30 - 2017-03-10 08:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
    2017-05-04 13:30 - 2017-03-10 08:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
    2017-05-04 13:30 - 2017-03-10 08:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
    2017-05-04 13:30 - 2017-03-09 09:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-05-04 13:30 - 2017-03-09 09:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-05-02 16:57 - 2017-05-02 16:57 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup (8).exe
    2017-05-02 16:57 - 2017-05-02 16:57 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup (7).exe
    2017-05-02 16:56 - 2017-05-02 16:56 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup (6).exe
    2017-05-02 16:56 - 2017-05-02 16:56 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup (5).exe
    2017-05-02 16:56 - 2017-05-02 16:56 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup (4).exe
    2017-05-02 16:56 - 2017-05-02 16:56 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup (3).exe
    2017-05-02 16:55 - 2017-05-02 16:55 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup (2).exe
    2017-05-02 16:55 - 2017-05-02 16:55 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup (1).exe
    2017-05-02 16:54 - 2017-05-02 16:54 - 00966488 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Gayle\Downloads\DriverUpdate-setup.exe
    2017-04-29 12:12 - 2017-05-09 11:13 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-04-29 12:12 - 2017-05-09 11:13 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-04-25 08:44 - 2017-03-29 20:10 - 00307960 _____ (COMODO) C:\Windows\system32\iseguard64.dll
    2017-04-25 08:44 - 2017-03-29 20:10 - 00236792 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll
    2017-04-25 08:44 - 2017-03-29 20:10 - 00050856 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys

    ==================== One Month Modified files and folders ========
     
  9. 2017/05/22
    BOBBO

    Here's the sixth batch:

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-22 19:33 - 2012-03-08 14:43 - 00000506 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
    2017-05-22 17:46 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-05-22 17:46 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-05-22 17:41 - 2009-07-13 22:13 - 00913836 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-05-22 17:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-05-22 17:37 - 2011-01-13 05:10 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2017-05-22 17:36 - 2011-01-13 06:44 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-05-22 17:36 - 2011-01-13 05:36 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2017-05-22 17:36 - 2011-01-13 05:36 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2017-05-22 17:36 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-05-22 17:32 - 2014-09-10 16:22 - 01461198 _____ C:\Windows\ntbtlog.txt
    2017-05-22 17:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
    2017-05-22 15:44 - 2011-03-02 20:29 - 00000000 ____D C:\Users\Gayle\AppData\Local\CrashDumps
    2017-05-22 15:19 - 2011-01-13 05:09 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Online
    2017-05-22 14:07 - 2011-02-01 23:49 - 00000000 ____D C:\ProgramData\TEMP
    2017-05-22 14:07 - 2011-02-01 23:40 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2017-05-22 14:07 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-05-22 14:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2017-05-22 14:05 - 2011-01-31 05:03 - 00000000 ____D C:\Users\Gayle\AppData\Roaming\Auslogics
    2017-05-22 14:05 - 2011-01-29 03:21 - 00000000 ____D C:\Program Files (x86)\Auslogics
    2017-05-22 13:48 - 2015-12-03 10:13 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-05-22 13:34 - 2012-03-08 14:43 - 00003532 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
    2017-05-22 13:34 - 2012-03-08 14:43 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
    2017-05-22 13:27 - 2014-05-18 13:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-05-22 13:14 - 2016-03-17 10:40 - 00000000 ____D C:\Windows\System32\Tasks\Norton AntiVirus
    2017-05-22 13:12 - 2015-07-15 10:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
    2017-05-22 13:12 - 2011-02-01 23:16 - 00002293 _____ C:\Users\Public\Desktop\Norton AntiVirus.lnk
    2017-05-22 13:12 - 2011-02-01 23:16 - 00000000 ____D C:\Windows\system32\Drivers\NAVx64
    2017-05-22 13:04 - 2011-02-01 23:16 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2017-05-22 13:04 - 2011-02-01 23:16 - 00008339 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2017-05-12 08:39 - 2011-01-29 03:06 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
    2017-05-11 07:42 - 2011-01-13 04:52 - 00000000 ____D C:\Users\UpdatusUser
    2017-05-10 11:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2017-05-10 09:41 - 2012-04-01 07:10 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-05-10 09:41 - 2012-04-01 07:10 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-05-10 09:41 - 2011-11-13 09:36 - 00000000 ____D C:\Windows\system32\Macromed
    2017-05-10 09:41 - 2011-05-18 10:40 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-05-10 09:41 - 2011-01-13 04:54 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-05-10 09:30 - 2009-07-13 21:45 - 00343024 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-05-10 09:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2017-05-09 21:34 - 2013-12-12 12:58 - 00906450 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-05-09 21:32 - 2013-07-15 10:44 - 00000000 ____D C:\Windows\system32\MRT
    2017-05-09 21:28 - 2011-01-29 01:14 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-05-07 19:54 - 2014-01-26 15:23 - 00000000 ___RD C:\Users\Gayle\SkyDrive
    2017-05-07 15:29 - 2011-02-21 19:58 - 00000000 ____D C:\Users\Gayle\AppData\Local\Google
    2017-05-07 15:20 - 2014-06-03 16:02 - 00000531 _____ C:\Users\Gayle\Desktop\Library Wireless Access For Corvallis - Benton County Public Library.website
    2017-05-06 16:58 - 2011-02-23 15:46 - 00000000 ____D C:\Users\Gayle\AppData\Local\ElevatedDiagnostics
    2017-05-06 10:34 - 2009-07-13 22:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-05-04 15:26 - 2015-01-22 16:39 - 00000000 ____D C:\Program Files (x86)\Java
    2017-05-04 14:15 - 2016-12-18 19:41 - 00000000 ____D C:\ProgramData\Foxit Software
    2017-05-03 12:22 - 2012-03-08 14:43 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2017-05-02 09:00 - 2012-03-08 14:43 - 00004266 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
    2017-05-01 12:57 - 2017-04-03 14:02 - 00001527 _____ C:\Users\Gayle\Desktop\MP3 Audiobooks.lnk
    2017-04-29 12:12 - 2015-05-30 15:31 - 00000000 ____D C:\Program Files (x86)\Google
    2017-04-29 12:12 - 2012-02-19 16:06 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-04-29 12:12 - 2012-02-19 16:06 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-04-27 13:04 - 2015-05-30 15:43 - 00003508 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002UA
    2017-04-27 13:04 - 2015-05-30 15:43 - 00003236 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002Core
    2017-04-25 21:08 - 2016-06-28 16:20 - 00003592 _____ C:\Windows\system32\Drivers\fvstore.dat
    2017-04-25 08:44 - 2017-04-20 09:41 - 00002305 _____ C:\Users\Public\Desktop\COMODO Firewall 10.lnk
    2017-04-25 08:44 - 2011-07-29 11:07 - 00000000 ____D C:\Program Files (x86)\COMODO
    2017-04-25 08:44 - 2011-07-29 11:03 - 00000000 ____D C:\ProgramData\Comodo
    2017-04-22 15:31 - 2016-04-27 22:05 - 00051808 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2017-04-22 15:30 - 2016-04-27 22:04 - 00942792 _____ (COMODO) C:\Windows\system32\guard64.dll
    2017-04-22 15:30 - 2016-04-27 22:04 - 00733456 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
    2017-04-22 15:28 - 2017-04-19 17:57 - 00230592 _____ (COMODO) C:\Windows\system32\cmdshim64.dll
    2017-04-22 15:28 - 2016-04-27 22:00 - 00457408 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
    2017-04-22 15:26 - 2017-04-19 17:57 - 00194752 _____ (COMODO) C:\Windows\SysWOW64\cmdshim32.dll
    2017-04-22 15:26 - 2016-04-27 21:55 - 00363200 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll

    ==================== Files in the root of some directories =======

    2011-02-17 14:41 - 2011-02-17 14:41 - 0000268 ___RH () C:\Users\Gayle\AppData\Roaming\Pipe Organ
    2011-02-17 14:43 - 2011-02-17 14:43 - 0000268 ___RH () C:\Users\Gayle\AppData\Roaming\Plants
    2014-07-28 10:49 - 2014-07-28 10:49 - 0003584 _____ () C:\Users\Gayle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-03-31 08:05 - 2011-03-31 08:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2011-02-17 14:41 - 2016-12-05 17:11 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
    2011-02-17 14:43 - 2012-10-20 14:12 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
    2011-02-17 14:41 - 2011-02-17 14:41 - 0000268 ___RH () C:\ProgramData\Plug-Ins
    2011-02-17 14:43 - 2011-02-17 14:43 - 0000268 ___RH () C:\ProgramData\Podcasting
    2011-02-17 14:41 - 2011-02-17 14:41 - 0000012 ___RH () C:\ProgramData\Printer Icons
    2011-02-17 14:43 - 2011-02-17 14:43 - 0000012 ___RH () C:\ProgramData\Profiles

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-05-13 07:29

    ==================== End of FRST.txt ============================
     
  10. 2017/05/22
    BOBBO

    Here's the Additional log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
    Ran by Gayle (22-05-2017 19:37:08)
    Running from C:\Downloads\Temporary
    Windows 7 Home Premium Service Pack 1 (X64) (2011-01-29 07:38:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3812855668-3064132733-4185535367-500 - Administrator - Disabled)
    Gayle (S-1-5-21-3812855668-3064132733-4185535367-1002 - Administrator - Enabled) => C:\Users\Gayle
    Guest (S-1-5-21-3812855668-3064132733-4185535367-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3812855668-3064132733-4185535367-1003 - Limited - Enabled)
    UpdatusUser (S-1-5-21-3812855668-3064132733-4185535367-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton AntiVirus (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
    AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton AntiVirus (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
    FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Adobe Photoshop Album (HKLM-x32\...\{D5F9E6AA-7075-49EC-992F-A6213C73607F}) (Version: 1.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
    ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.71 - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{07453869-D17D-4159-A23D-0A956CE96448}) (Version: 2.8.255.292 - ArcSoft)
    Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
    Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version: - )
    Bing Bar (HKLM-x32\...\{49977584-B20E-46AB-818F-845815378904}) (Version: 7.3.117.0 - Microsoft Corporation)
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
    COMODO Firewall (HKLM\...\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5}) (Version: 10.0.1.6223 - COMODO Security Solutions Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
    Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.23 - Dell Inc.)
    Dell Support Center (Version: 3.1.5907.23 - PC-Doctor, Inc.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
    Dropbox (HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Dropbox) (Version: 1.0.20 - Dropbox, Inc.)
    Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - )
    Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.00 - SEIKO EPSON Corporation)
    EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
    File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.3 - Nikon)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
    iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
    Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
    Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
    Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
    Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)
    iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
    Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.2 - Nikon)
    Norton AntiVirus (HKLM-x32\...\NAV) (Version: 22.9.3.13 - Symantec Corporation)
    NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5939 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
    NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
    OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.8.5 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    SeaMonkey 2.46 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.46 (x86 en-US)) (Version: 2.46 - Mozilla)
    Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
    ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.1 - Nikon)
    Viewpoint Media Player (Remove Only) (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
    Vocabulary (HKLM-x32\...\Vocabulary) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================
     
  11. 2017/05/22
    BOBBO

    Here's the second batch from the Additional log:

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gayle\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3812855668-3064132733-4185535367-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0EF6963A-78AC-4A5A-8909-C6EB9F5BFC32} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
    Task: {2EB2A354-DDF5-4E9C-B940-90CE4D8D6C50} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.)
    Task: {3AC1573A-329A-4EFA-B7DF-4E88E0EFF26E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002UA => C:\Users\Gayle\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.)
    Task: {3B7EC30F-13CF-40F7-86FE-1BED95E86C2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-29] (Google Inc.)
    Task: {468A7BC8-00B7-4F1D-B431-1C00A83B7CDD} - System32\Tasks\{64F0F1E3-77A5-47E7-AB9E-11241A332ED7} => pcalua.exe -a "C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdinstall.exe" -d "C:\Program Files (x86)\COMODO\COMODO Internet Security\"
    Task: {4AF95C12-28C4-4608-9E26-9244D37F0587} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2017-05-11] (Symantec Corporation)
    Task: {4E4C3041-8F90-4B0F-B3D5-E7184EB4D39C} - System32\Tasks\{A8BAC8BE-8DF9-4BE5-817B-450CE71BD6ED} => pcalua.exe -a "C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.cpl"
    Task: {5D41AFDD-16B8-4DAF-8267-A0689AEB2BF8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
    Task: {6239BEF9-B171-4FFA-AAE9-E4060C554DC0} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files (x86)\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
    Task: {6C7ACC13-C63A-4BBB-ABDF-97C6909A62C2} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-02-07] (PC-Doctor, Inc.)
    Task: {6FFD6505-EF3F-42D3-AFE4-2712F0F768BF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\WSCStub.exe [2017-05-11] (Symantec Corporation)
    Task: {78A57A05-B1E3-400E-8326-246C98C5B8CF} - System32\Tasks\Norton AntiVirus\Norton AntiVirus Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\SymErr.exe [2017-05-11] (Symantec Corporation)
    Task: {79F9AA82-BC02-4CF2-8C62-A2E98B28D4AB} - System32\Tasks\{A62BFF7C-811C-4E73-9789-31DE0BAC5CB4} => D:\MusicET.exe
    Task: {898EC7AE-0B85-4E9F-A8B6-57C22AF875D3} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files (x86)\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
    Task: {8EBA7011-2CF8-4356-9E50-D5EDC7856550} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-02-07] (PC-Doctor, Inc.)
    Task: {95745CA6-94EA-4049-ABA5-7DF63687823E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe [2017-04-22] (COMODO)
    Task: {A4201803-BA57-47E3-A15E-2CCA44BCA99B} - System32\Tasks\Norton AntiVirus\Norton AntiVirus Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.9.3.13\SymErr.exe [2017-05-11] (Symantec Corporation)
    Task: {AD632F89-4D4C-45AB-A9F3-79CF8809B10F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-29] (Google Inc.)
    Task: {AE7E327B-8A9D-40F5-A803-0433EAD6CB57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-03-21] (Apple Inc.)
    Task: {B020F68D-7E12-44A5-8768-95F90CC626DC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {B456E678-DA66-4101-A4FA-A62D95194FBA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002Core => C:\Users\Gayle\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-16] (Google Inc.)
    Task: {BEFAE6DF-D619-4F15-92D0-695E4E8E0499} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files (x86)\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
    Task: {D5DDC562-6FEA-4308-B7D2-B69A0B62764B} - System32\Tasks\{BB496A18-FE2E-4F1D-AE37-25504494B1A2} => D:\Adobe Photoshop Album\Setup.exe
    Task: {DA68E653-7B8D-412F-A229-3FD1289A992E} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
    Task: {E1B7EB9B-B31D-491B-918D-E93230E53948} - System32\Tasks\{7ED21662-48A9-4F99-98E2-D573406BF571} => c:\program files (x86)\seamonkey\seamonkey.exe [2016-12-30] (mozilla.org)
    Task: {FBF94E84-4C04-42FC-A52E-EA47B891CC4F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe o-backgroundmon scripts\defaultscan.xml
    Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

    ==================== Shortcuts =============================
     
  12. 2017/05/22
    BOBBO

    Here's the third batch from the Additional log:

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-04-27 21:58 - 2017-04-22 15:27 - 00244928 _____ () C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdcomps.dll
    2016-04-27 21:56 - 2017-04-22 15:27 - 00107200 _____ () C:\Program Files (x86)\COMODO\COMODO Internet Security\cavwpps.dll
    2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-10-19 15:13 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-01-13 05:10 - 2016-05-18 08:17 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2011-01-13 05:06 - 2010-09-24 09:21 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    2017-03-22 18:14 - 2017-03-22 18:14 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
    2017-03-22 18:14 - 2017-03-22 18:14 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    2009-10-15 02:10 - 2009-10-15 02:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-03-16 16:08 - 2017-03-16 16:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
    2011-03-06 11:35 - 2008-12-22 10:50 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    2011-03-06 11:35 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfmjpegdec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\GPhotos.scr:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
    AlternateDataStreams: C:\Users\Gayle\Downloads\AdobeAIRInstaller.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\Gayle\Downloads\AdobeAIRInstaller.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Gayle\Downloads\AdobeAir_17.0.0.144_SPS.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\Gayle\Downloads\AdobeAir_17.0.0.144_SPS.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Gayle\Downloads\AdobeFlashPlayer_17.0.0.188_NPAPI_SPS.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\Gayle\Downloads\AdobeFlashPlayer_17.0.0.188_NPAPI_SPS.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Gayle\Downloads\AdobeReader_11.0.10_en-US_SPS.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Gayle\Downloads\JavaJRE_7u71_32-bit_PSIonlySPS.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\Gayle\Downloads\JavaJRE_7u71_32-bit_PSIonlySPS.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\Gayle\Downloads\spywareblastersetup55.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\Gayle\Downloads\spywareblastersetup55.exe:$CmdZnID [26]

    ==================== Safe Mode (Whitelisted) ===================
     
  13. 2017/05/22
    BOBBO

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-04-27 21:58 - 2017-04-22 15:27 - 00244928 _____ () C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdcomps.dll
    2016-04-27 21:56 - 2017-04-22 15:27 - 00107200 _____ () C:\Program Files (x86)\COMODO\COMODO Internet Security\cavwpps.dll
    2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-10-19 15:13 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-01-13 05:10 - 2016-05-18 08:17 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2010-03-05 08:21 - 2010-03-05 08:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2011-01-13 05:06 - 2010-09-24 09:21 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    2017-03-22 18:14 - 2017-03-22 18:14 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
    2017-03-22 18:14 - 2017-03-22 18:14 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    2009-10-15 02:10 - 2009-10-15 02:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-03-16 16:08 - 2017-03-16 16:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    2010-02-09 12:34 - 2010-02-09 12:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
    2011-03-06 11:35 - 2008-12-22 10:50 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    2011-03-06 11:35 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================
     
  14. 2017/05/22
    BOBBO

    BOBBO Geek Member Thread Starter

    Here's the last batch of the Additional log:

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 6091 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2011-03-02 20:38 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3812855668-3064132733-4185535367-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Gayle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 2) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{5697D2D1-9D2D-469D-AF2D-0081C504B3F4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [{21636DB0-3A9F-428A-91A6-83992CB7100D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [{6C7D6467-3FE8-40EC-A81C-87664690009E}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
    FirewallRules: [{FC553281-F692-4159-8EE0-7B202E70AE15}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B8F5DE21-D75D-4CB7-9BF7-01B51CA5D056}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{4EA40281-67DB-4634-8640-A43C8507DDC5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{71E0BD2F-0F6B-4011-8ED3-37FC1865986B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A0BDED5E-2F95-40D2-AB31-E45A64D929BA}] => (Allow) LPort=2869
    FirewallRules: [{F76594FB-AC17-49B1-8D7D-E5099BB838FE}] => (Allow) LPort=1900
    FirewallRules: [{74FCB625-3C9C-4209-A350-80231C1645D4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{578F27C0-11DC-42CC-806E-58BC871186A9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{6A3FF23B-1C78-42B7-B3CB-9D61D00AA3D6}] => (Allow) C:\Users\Gayle\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{BC98CB55-4905-40D1-AEDB-F401E51DE100}] => (Allow) C:\Users\Gayle\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{D8B57ED9-A43F-4BBF-A33A-7CFE54A38EDD}] => (Allow) C:\ProgramData\d41137\ISd41_289.exe
    FirewallRules: [{C6106DE7-EDAA-4980-83FD-817D2A4CB8A3}] => (Allow) C:\ProgramData\d41137\ISd41_289.exe
    FirewallRules: [{2CE1FBF2-812D-4BEB-AF49-55853EE6E56B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{1398ABE3-3717-4830-A950-78C9B9F9C965}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{55023AD9-D86C-4C88-8C40-EE034A758E3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BB96D719-E13C-41BA-90A5-C9C5034E71C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4F3B3950-5F7A-41F9-82ED-AF31A9EEAC90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{508F7582-F37D-4BA3-9178-AC703030B28E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{1B847C80-80FD-4254-A0F4-3A28AB1AF4B1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{85B561DA-1F2F-4131-BD6F-F1F0E1CB3468}] => (Allow) C:\Users\Gayle\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{D185E163-F367-4243-8C7F-82A268ADF07D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{37720F34-7352-4A7F-A37A-A029BCCE5982}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{A7843705-6FEC-4F02-B619-C10F8E519459}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C8C9B672-D4D6-49A5-BB56-160B99A7E1A3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{37FEA1DF-FB1D-406C-BBBE-92467FFE23ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F0785C27-C89A-4723-A379-65E22B27FEC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{65918215-CBB6-4C23-B976-5B9E7185BEB7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{ADB67AA0-91B3-448D-AB92-8ACDC5AAD5E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    04-05-2017 15:26:21 Installed Java 8 Update 131
    05-05-2017 08:57:35 Windows Update
    06-05-2017 21:12:06 Windows Update
    09-05-2017 21:24:04 Windows Update
    10-05-2017 20:47:59 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/22/2017 05:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.18666, time stamp: 0x58f30f27
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x80000003
    Fault offset: 0x00150d06
    Faulting process id: 0x116c
    Faulting application start time: 0x01d2d35d13b15dc5
    Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Faulting module path: unknown
    Report Id: 5740afb3-3f50-11e7-85a1-f04da2617d55

    Error: (05/22/2017 03:42:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x80000003
    Fault offset: 0x001d0d06
    Faulting process id: 0x12ec
    Faulting application start time: 0x01d2d34cb7a2fda9
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: unknown
    Report Id: f69343ae-3f3f-11e7-be89-f04da2617d55

    Error: (05/22/2017 02:25:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x80000003
    Fault offset: 0x003b0d06
    Faulting process id: 0x1d48
    Faulting application start time: 0x01d2d341f5bd6a09
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: unknown
    Report Id: 346fcc48-3f35-11e7-be89-f04da2617d55

    Error: (05/22/2017 02:24:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x80000003
    Fault offset: 0x00480d06
    Faulting process id: 0x1664
    Faulting application start time: 0x01d2d341c63f484e
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: unknown
    Report Id: 052f8e54-3f35-11e7-be89-f04da2617d55

    Error: (05/22/2017 01:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x80000003
    Fault offset: 0x002e0d06
    Faulting process id: 0x12c
    Faulting application start time: 0x01d2d33bde0a9384
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: unknown
    Report Id: 1bceec27-3f2f-11e7-be89-f04da2617d55

    Error: (05/22/2017 01:41:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x80000003
    Fault offset: 0x00380d06
    Faulting process id: 0x1758
    Faulting application start time: 0x01d2d33bbc9139a9
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: unknown
    Report Id: fd2934a0-3f2e-11e7-be89-f04da2617d55

    Error: (05/22/2017 01:06:09 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (05/15/2017 08:48:04 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (05/14/2017 11:54:24 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x80000003
    Fault offset: 0x002f0d06
    Faulting process id: 0x16cc
    Faulting application start time: 0x01d2cce37f8b2d33
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: unknown
    Report Id: bf2705c9-38d6-11e7-8a46-f04da2617d55

    Error: (05/14/2017 08:10:11 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


    System errors:
    =============
    Error: (05/22/2017 05:32:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 05:32:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 05:32:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 05:32:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\System32\IWMSSvc.dll
    Error Code: 21

    Error: (05/22/2017 05:32:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 05:32:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 05:32:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 05:32:10 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
    {9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (05/22/2017 05:32:10 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
    {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (05/22/2017 05:32:07 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}


    CodeIntegrity:
    ===================================
    Date: 2017-05-22 19:32:35.449
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 19:32:35.173
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 18:00:28.586
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 18:00:28.337
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 17:36:40.965
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 17:36:40.716
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 17:25:28.514
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 17:25:28.280
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 17:21:35.447
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-05-22 17:21:35.120
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
    Percentage of memory in use: 44%
    Total physical RAM: 5876.3 MB
    Available physical RAM: 3275.93 MB
    Total Virtual: 11750.78 MB
    Available Virtual: 8470.9 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:326.24 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 35155DB8)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  15. 2017/05/23
    broni

    broni Moderator Malware Analyst

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  16. 2017/05/23
    BOBBO

    BOBBO Geek Member Thread Starter

    Thanks for the help, broni. I already ran a Malwarebytes scan this afternoon. It found 18 "objects," all of them PUP files and deemed harmless. I got rid of 6 of them, associated with old Auslogics defrag runs, and I left the others alone. Should I run it again after I do the RogueKiller steps, or won't you know until I've posted the RogueKiller results? It's getting near my bedtime now, so I may not get much more done tonight.
     
  17. 2017/05/23
    BOBBO

    BOBBO Geek Member Thread Starter

    broni, I ran the RogueKiller scan as directed but now there's no status box showing Scan Finished and there's no Delete button. There's a window that says 38 threat(s) detected and lists them. There is a button that says Open Report, but when I click on it there doesn't appear to be much of a report. There are some buttons to Open HTML, Open TXT, Export HTML and Export TXT. Clicking on the RogueKiller icon on my Desktop opens the same essentially empty window. Now what?
     
    Last edited: 2017/05/23
  18. 2017/05/23
    broni

    broni Moderator Malware Analyst

    Are any of the 38 threats checkmarked?
     
  19. 2017/05/23
    BOBBO

    BOBBO Geek Member Thread Starter

    Most of the 38 threats are marked as either PUM or PUP. Of the 38, 3 are checked -- all 3 are PUP.Gen1 folders, 2 of them in C:\ProgramData\Ask, the other in C:\Program Files (x86)\Viewpoint. All of the other 35, except for 1, are in the Registry.
     
    Last edited: 2017/05/23
  20. 2017/05/24
    broni

    broni Moderator Malware Analyst

    Go ahead with other scans
     
  21. 2017/05/24
    BOBBO

    BOBBO Geek Member Thread Starter

    Complications. I already have Malwarebytes loaded and updated. Before I ran a scan I tried to clear the Desktop of open programs and everything froze. Had to restart and got an error message to the effect that "Windows could not connect to the System Event Notification Service service. This problem prevents limited users from logging on to the system." Went through a number of restarts, some a simple Restart, others required power off and reboot. Finally did a start in Safe Mode with Networking. Malwarebytes wouldn't open, but my Norton A-V asked if I wanted to do a Full System Scan. I did. 1.3M items were scanned, 0 security risks detected. Restarted, ran a Malwarebytes scan, selected all, deleted all, restarted. Got that "Windows could not connect to the System Event Notification Service service" error message again but opened Malwarebytes and History to get the log. Couldn't get it to highlight so I could copy and paste it into a reply to you. Opened it again as Administrator, still can't get the History log highlighted to send to you. That's where I am now. Has anything so far had a meaning for you? Should I do the AdwCleaner process now? Thanks for your patience with all this.
     
