Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by eea (2016-04-10 04:34:59)
Running from C:\Users\eea\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-28 11:39:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

DefaultAccount (S-1-5-21-2078009098-672532629-1064675910-503 - Limited - Disabled)
eea (S-1-5-21-2078009098-672532629-1064675910-1001 - Administrator - Enabled) => C:\Users\eea
Järjestelmänvalvoja (S-1-5-21-2078009098-672532629-1064675910-500 - Administrator - Disabled)
Vieras (S-1-5-21-2078009098-672532629-1064675910-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.3.1025 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Hotspot Shield 5.2.1 (HKLM-x32\...\HotspotShield) (Version: 5.2.1 - AnchorFree Inc.)
Hotspot Shield 5.2.1 Embedded (x32 Version: 5.2.1.0 - Buildbot) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Malwarebytes Anti-Malware versio 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision -ohjain 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision -ohjain 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.46 - NVIDIA Corporation)
NVIDIA Grafiikkaohjain 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-ääniohjain 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-järjestelmäohjelmisto 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
PC Tune-Up (x32 Version: 2.2.0.1 - ZoneAlarm) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.40 - NCH Software)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Find My Laptop (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Parental Controls (Version: 7.2.6.1 - ContentWatch) Hidden
ZoneAlarm Security (x32 Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2078009098-672532629-1064675910-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\eea\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3AE48A33-F859-4C99-A64F-B417AD8EC26D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-08] (Microsoft Corporation)
Task: {D00D6B8F-EB0D-4D58-A4FA-6BD70B16AED1} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xinputhid.sys:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-01-28 04:24 - 2016-04-09 16:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2078009098-672532629-1064675910-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 62.145.169.130 - 213.145.216.231
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Wecsvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9D9A0985-E1CD-41AA-9E72-4257EC7C91DF}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{DDEC0806-52C5-4B2D-B8AA-16814032D337}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{777CA57F-FCAA-48B2-BB69-004AAC26E4FA}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{AE541387-075F-4F57-8B23-CF9155589A0B}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{04A3BF11-643A-4311-A7CB-1B272C83114B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E7FF31DB-BFF7-42CC-B4D4-AB6A013E5A31}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0E37919C-50E3-4F72-9DE7-CE6EFF2E67C8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C5BF505B-3E6C-4AEE-AAFF-30B771E93FF9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{526FFD59-7109-4162-90B2-950EAB80BE24}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{C674F215-0E67-493E-964B-1359ECD65D70}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{CBAD63CF-027E-4B92-90E8-A954E941574B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AF7680E6-33CF-458D-9CC0-7EBE00D0B0DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3D169CD7-55C8-48B7-A1BF-658FA637CFCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6624CA0D-69EA-49F6-87B8-CFCEFD52F160}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{DB20DC08-2BFC-4070-A4A2-2FDA99DB88C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{9043F19D-C7D8-40BD-830C-B2708D0ABA8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{50A95AED-F029-4A34-90B9-DEF8FA16EF4C}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{A78A36B6-0F85-428E-97D3-14EDCFFE9CB0}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{0349232A-2060-42A2-A118-F50A7DB99DE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A8C8AAAA-DB97-4196-9C34-64534DC64F51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F5C35E91-90E6-46FB-B13D-EA636A6DC5ED}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6B7C5FCC-E319-4AA3-816A-150D39020C60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [{9C0F8010-C17A-4963-A384-F603F573AB6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe
FirewallRules: [{D82CDB82-6D78-4614-AA02-58C153955558}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3E232E2A-417E-46EE-9417-EAA9DBA1E525}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9311ECD4-881D-49A7-83F0-4EBD242BB8B3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CFEBAAAE-C40C-41A4-87BA-5E974B782B6B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{043F2E43-7383-42F5-AF61-5C3639666D8F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B0C92032-862E-4BBC-9940-31FCC17DAA5C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{98372305-9FFC-4F03-AF43-C0C656D1F5AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{68349F0B-9D66-4CB3-94CD-869160C2B9CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1D683601-C5CF-472B-8FF0-0B0925ABB07D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{AFF74EE7-3904-49A7-8904-DBD6747EB415}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EFDDB5D8-8387-4E0E-80F0-1931A26933EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

07-04-2016 17:13:57 new
09-04-2016 21:36:03 DDU System Restored Point

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2016 09:38:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AAA)
Description: Sovelluksen Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca aktivointi epäonnistui, virhe: -2144927149. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa.

Error: (04/09/2016 09:36:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoftin linkkikerroksen etsintäprotokolla. System Error: Käyttö estetty. .

Error: (04/09/2016 09:21:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Viallisen sovelluksen nimi: GFWLClient.exe, versio: 3.5.67.0, aikaleima: 0x52178fb2
Viallisen moduulin nimi: unknown, versio: 0.0.0.0, aikaleima: 0x00000000
Poikkeuskoodi: 0xc0000005
Virhepoikkeama: 0x01c723f5
Viallisen prosessin tunnus: 0x540
Viallisen sovelluksen käynnistysaika: 0xGFWLClient.exe0
Viallisen sovelluksen polku: GFWLClient.exe1
Viallisen moduulin polku: GFWLClient.exe2
Raportin tunnus: GFWLClient.exe3
Viallisen paketin koko nimi: GFWLClient.exe4
Viallisen paketin suhteellinen sovellustunnus: GFWLClient.exe5

Error: (04/09/2016 09:21:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Sovellus: GFWLClient.exe
Framework-versio: v4.0.30319
Kuvaus: Prosessi keskeytettiin käsittelemättömän poikkeuksen vuoksi.
Poikkeuksen tiedot: System.NullReferenceException
   kohteessa Microsoft.GamesForWindows.LiveClient.Messaging.CommandPipe.IsDownloadAndInstallationQueueDrained()
   kohteessa Microsoft.GamesForWindows.LiveClient.Messaging.CommandPipe.Shutdown()
   kohteessa Microsoft.GamesForWindows.LiveClient.Messaging.CommandPipe.ListenerThread()
   kohteessa System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   kohteessa System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   kohteessa System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   kohteessa System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   kohteessa System.Threading.ThreadHelper.ThreadStart()

Error: (04/07/2016 09:54:25 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C828BF26-13BA-4B1B-ACBC-BDC54052234A}: The user AAA\eea dialed a connection named ChangeIP VPN which has failed. The error code returned on failure is 807.

Error: (04/07/2016 09:53:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={ED59C55C-E71C-4363-B007-ECFD0B860B4D}: The user AAA\eea dialed a connection named ChangeIP VPN which has failed. The error code returned on failure is 691.

Error: (04/07/2016 05:14:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoftin linkkikerroksen etsintäprotokolla. System Error: Käyttö estetty. .

Error: (04/07/2016 12:37:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Salauspalvelut eivät voineet käsitellä OnIdentity()-kutsua järjestelmän kirjoitusobjektissa.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoftin linkkikerroksen etsintäprotokolla. System Error: Käyttö estetty. .

Error: (04/07/2016 12:15:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: AAA)
Description: Paketti windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel lopetettiin, koska sen pysäytys kesti liian kauan.

Error: (04/07/2016 12:15:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Viallisen sovelluksen nimi: explorer.exe, versio: 10.0.10586.104, aikaleima: 0x56aaffa0
Viallisen moduulin nimi: ntdll.dll, versio: 10.0.10586.122, aikaleima: 0x56cbf9dd
Poikkeuskoodi: 0xc000000d
Virhepoikkeama: 0x00000000000f5670
Viallisen prosessin tunnus: 0x1a74
Viallisen sovelluksen käynnistysaika: 0xexplorer.exe0
Viallisen sovelluksen polku: explorer.exe1
Viallisen moduulin polku: explorer.exe2
Raportin tunnus: explorer.exe3
Viallisen paketin koko nimi: explorer.exe4
Viallisen paketin suhteellinen sovellustunnus: explorer.exe5

System errors:
=============
Error: (04/10/2016 04:24:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (04/10/2016 04:18:34 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (04/10/2016 04:14:14 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (04/10/2016 04:13:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Synkronoi isäntä_824a7 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (04/10/2016 04:13:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (04/10/2016 03:53:26 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (04/10/2016 03:46:56 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

Error: (04/10/2016 03:42:51 AM) (Source: DCOM) (EventID: 10010) (User: AAA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/10/2016 03:42:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Palvelu Synkronoi isäntä_25506 on päättynyt odottamatta. Tämä on tapahtunut 1 kertaa. 10000 millisekunnin kuluttua suoritetaan seuraava korjaustoimi: Käynnistä palvelu uudelleen.

Error: (04/10/2016 03:42:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-hallinta)
Description: sovelluskohtainenPaikallinenAktivointi{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-hallintaSYSTEMS-1-5-18LocalHost (LRPC käytössä)Ei käytettävissäEi käytettävissä

CodeIntegrity:
===================================
Date: 2016-04-09 15:17:49.171
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-07 00:39:00.571
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 00:25:13.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-07 00:15:21.878
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-07 00:06:21.936
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-06 22:15:56.115
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-06 17:56:21.019
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-05 21:55:20.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-05 19:22:21.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-05 18:22:24.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8156.88 MB
Available physical RAM: 6113 MB
Total Virtual: 9436.88 MB
Available Virtual: 7368.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:884.83 GB) (Free:778.01 GB) NTFS
Drive f: (Records) (Fixed) (Total:46.19 GB) (Free:43.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00053681)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=884.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=46.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================