Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01 Ran by Supermatt (07-05-2018 14:12:41) Running from C:\Users\Supermatt\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2014-01-08 13:51:07) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3797239318-1157007529-570800937-500 - Administrator - Disabled) => C:\Users\Administrator.Supermatt-PC Guest (S-1-5-21-3797239318-1157007529-570800937-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3797239318-1157007529-570800937-1002 - Limited - Enabled) Supermatt (S-1-5-21-3797239318-1157007529-570800937-1000 - Administrator - Enabled) => C:\Users\Supermatt ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB} FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov) Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.3.0.33 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Alive Video Converter (version 3.1.8.6) (HKLM-x32\...\Alive Video Converter_is1) (Version: - AliveMedia, Inc.) Android Commander version 0.7.9.11 (HKLM-x32\...\Android Commander_is1) (Version: 0.7.9.11 - ) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Anime Studio Pro 10.1.1 (HKLM\...\ASP1011_is1) (Version: 10.1.1 - Smith Micro Software, Inc.) Anime Studio Pro 11.0 (HKLM\...\ASP1100_is1) (Version: 11.0 - Smith Micro Software, Inc.) AOMEI Partition Assistant Unlimited Edition 6.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version: - AOMEI Technology Co., Ltd.) APK Studio (HKLM-x32\...\APK Studio d49d3de) (Version: d49d3de - Vaibhav Pandey) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk) Autodesk Maya LT 2015 (HKLM\...\{2FB97E5C-14A5-47C8-BD85-69CC70471291}) (Version: 15.10.373.0 - Autodesk) Hidden Autodesk Maya LT 2015 (HKLM\...\Autodesk Maya LT 2015) (Version: 15.10.373.0 - Autodesk) AVG PC TuneUp (HKLM-x32\...\{9C775BB6-1453-45EB-8C78-A5CC5199113D}) (Version: 16.77.3 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies) Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.1.115 - Avid Technology, Inc.) Bing Bar (HKLM-x32\...\{49977584-B20E-46AB-818F-845815378904}) (Version: 7.3.117.0 - Microsoft Corporation) bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre (HKLM-x32\...\{7F1AA7AB-E4FB-46F7-AC2F-57D78D63A368}) (Version: 3.19.0 - Kovid Goyal) calibre 64bit (HKLM\...\{7159D1E5-62F5-42C9-825E-BE613B5DFB0F}) (Version: 2.38.0 - Kovid Goyal) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.) Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - Canon Inc.) Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.00 - Canon Inc.) Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.) Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform) Chromodo (HKLM-x32\...\Chromodo) (Version: 48.12.18.254 - Comodo) Classware (HKLM-x32\...\{5F945DFC-3BD1-74F7-5090-8885D0F4B1C5}) (Version: 1.2.3 - Cambridge University Press Holdings Limited) Hidden Classware (HKLM-x32\...\Classware.D18242EEED0228FFB0408CDB0EFA905F46FFD844.1) (Version: v1.2.3.7574 - Cambridge University Press Holdings Limited) Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project) COMODO Internet Security Premium (HKLM\...\{4F6FC44D-AE9F-472B-8F00-B8388BC9AA04}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) Hidden COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.4.2 - Foolish IT LLC) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1905.56 - CyberLink Corp.) DFX (HKLM-x32\...\DFX) (Version: 12.014.0.0 - Power Technology) Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON TX121 Series Printer Uninstall (HKLM\...\EPSON TX121 Series) (Version: - SEIKO EPSON Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers) e-Sword Macros for Word 2013 (HKLM-x32\...\{4A0259D2-7278-4B23-B594-60B4124015A6}) (Version: 10.04.0000 - Rick Meyers) e-Sword Macros for Word 2013 (HKLM-x32\...\{B9FDCE73-DC39-4671-8F2E-2CA5ACB924B0}) (Version: 10.02.0000 - Rick Meyers) ExamView Assessment Suite (HKLM-x32\...\{C59DE8FB-B81E-4386-B719-A8C95C16544B}) (Version: 8.1.107.70421 - eInstruction) ExamView Content (NG Life_Beginner) (HKLM-x32\...\{eebe1d9a-486c-40e7-ae07-1892b3b2b7b4}) (Version: 8.1.107.70421 - eInstruction) ExamView Content (NG Life_Elementary) (HKLM-x32\...\{ecb8a57a-21dc-4667-95f5-e2eff83733df}) (Version: 8.1.107.70421 - eInstruction) ExamView Content (NG Life_Pre-intermediate) (HKLM-x32\...\{78d3c66f-5c7d-4da7-96eb-4e405a5406f2}) (Version: 8.1.107.70421 - eInstruction) ExamView Content (NGL Our World Assess Level 1-3) (HKLM-x32\...\{8da61a8f-877e-443d-b448-3d1e60118184}) (Version: 8.1.107.70421 - eInstruction) ExamView Content (NGL Our World Assess Level 4-6) (HKLM-x32\...\{4431b83a-1e23-458e-9f6c-a1d8270b6694}) (Version: 8.1.107.70421 - eInstruction) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line) FMW 1 (HKLM\...\{DFA0CE4A-C162-40C1-A977-12E60098EB72}) (Version: 1.227.11 - AVG Technologies) Hidden GameMaker Studio 2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\GameMakerStudio2) (Version: - ) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.) Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Hippo Animator 3.8 (HKLM\...\Hippo Animator 3) (Version: 3.8.5316.24610 - Hippo Studios) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.) HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com) IL Autogun (HKLM-x32\...\IL Autogun) (Version: - Image-Line) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line) Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Intel® Graphics Performance Analyzers 2013 R3 (HKLM\...\{B48DBBEE-2CCB-492E-2571-78ECE93329CB}) (Version: 13.3.0.207307 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation) Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.5 - PACE Anti-Piracy, Inc.) Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation) Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation) Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle) Kernel for VHD ver 12.06.01 (HKLM-x32\...\Kernel for VHD_is1) (Version: - Lepide Software Pvt.Ltd) LenovoTool 1.2.2_os (HKLM-x32\...\LenovoTool) (Version: 1.2.2_os - Lenovo) LenovoUsbDriver 1.0.12 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo) LifeBeg (HKLM-x32\...\{BC41E108-ACA5-25E9-039A-09085C1A15F0}) (Version: 1.0 - UNKNOWN) Hidden LifeBeg (HKLM-x32\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN) LifeElem (HKLM-x32\...\{926447E2-8B00-F3D3-FA7A-73DE25CE5CF9}) (Version: 1.0 - UNKNOWN) Hidden LifeElem (HKLM-x32\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN) LifePreInt (HKLM-x32\...\{76B7A5CD-3757-D3A7-7321-86677926B755}) (Version: 1.0 - UNKNOWN) Hidden LifePreInt (HKLM-x32\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN) Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6) MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX Independence Libraries Common Files (HKLM\...\{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG) Hidden MAGIX Independence Libraries Common Files (HKLM-x32\...\MAGIX_{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG) MAGIX Independence Pro 3.1 VST-Plugins (HKLM\...\{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG) Hidden MAGIX Independence Pro 3.1 VST-Plugins (HKLM-x32\...\MAGIX_{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG) MAGIX Independence Pro Software Suite 3.1 (HKLM\...\{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG) Hidden MAGIX Independence Pro Software Suite 3.1 (HKLM-x32\...\MAGIX_{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG) MAGIX Music Maker 2014 Premium (HKLM\...\{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG) Hidden MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG) MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM\...\{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM-x32\...\MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM\...\{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM-x32\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Music Maker 2014 Premium (Visuals) (HKLM\...\{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker 2014 Premium (Visuals) (HKLM-x32\...\MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Music Maker 2014 Premium Soundpools (HKLM\...\{095A41CD-2500-4783-AE28-87E05653CDE7}) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker 2014 Soundpools (HKLM\...\{6F1F7E62-A579-434C-9610-F6FE2930C02E}) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM\...\{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro) Math Resource Studio 5 (HKLM-x32\...\{946E9741-5FAE-4011-9019-BC1FAF3FE99D}) (Version: 5.0.14.1 - Schoolhouse Technologies) MCreator 1.7.7 (HKLM-x32\...\MCreator 1.7.7 Installer) (Version: - Pylo) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Toolkit 2.4.0.0 (HKLM-x32\...\Microsoft Toolkit 2.4.0.0) (Version: 2.4.0.0 - Microsoft) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg) MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version: - MiniTool Solution Ltd.) MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version: - MiniTool Solution Ltd.) Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others) Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG) Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD) Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation) Our World 1 AE 2.0 (HKLM-x32\...\Our World 1 AE 2.0) (Version: 1.0.0.0 - ) Our World 2 AE 2.0 (HKLM-x32\...\Our World 2 AE 2.0) (Version: 1.0.0.0 - ) Our World 4 AE 2.0 (HKLM-x32\...\Our World 4 AE 2.0) (Version: 1.0.0.0 - ) Our World 6 AE 2.0 (HKLM-x32\...\Our World 6 AE 2.0) (Version: 1.0.0.0 - ) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd) Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden Puran Utilities 3.1 (HKLM\...\Puran Utilities_is1) (Version: - Puran Software) Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.25 - QUALCOMM Incorporated) RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) Hidden RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden Schoolhouse Test 4 (HKLM-x32\...\{F5C9D54B-C338-4EF1-89D4-94F369CFC061}) (Version: 4.0.3.3 - Schoolhouse Technologies) Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.2.0.89 - Avid Technology) Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid) Singing Coach 5 Pro (HKLM-x32\...\Singing Coach 5 Pro) (Version: 5.0.5.0 - Electronic Learning Products, Inc. ) Speech Support (HKLM-x32\...\Speech Support) (Version: - LEC) SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com) SuperBeam (HKLM\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 7 - LiveQoS Inc) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.14.0 - Synaptics Incorporated) Telegram Desktop version 1.0.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.2 - Telegram Messenger LLP) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) Tixati (HKLM-x32\...\tixati) (Version: - ) Turbo Studio 17 (HKLM-x32\...\{80bc26f1-601d-4766-b205-404db5168343}) (Version: 17.0.1.0 - Code Systems) Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.3 - CrystalIDEA Software, Inc.) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.01 - NCH Software) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vita 2 (HKLM\...\{84CB6E60-E7CB-429F-AF9A-44F035889123}) (Version: 1.0.0.0 - MAGIX AG) Hidden Vita 2 add-on content (HKLM\...\{77C4AF18-19ED-489E-84D3-203E3862F6BC}) (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Drum Engine (HKLM\...\{5D8D5B24-732C-4AA6-ABFE-9EAFF12064A4}) (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Electric Piano (HKLM\...\{C1109FC5-35DA-403C-AE1D-99295EDB6FA9}) (Version: 1.0.2.0 - MAGIX AG) Hidden Vita Jazz Drums (HKLM\...\{7A22C523-501D-4FD2-B9AD-BBEE8AFAED44}) (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Pop Brass (HKLM\...\{3CAD92B3-6BA0-44A4-A546-162520A80BB3}) (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Power Guitar (HKLM\...\{96826F72-1E29-4AB8-9312-84E664DCE474}) (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Vintage Organ (HKLM\...\{4F6B2EA9-4598-4653-B13A-E27AA387DC9B}) (Version: 1.0.1.0 - MAGIX AG) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) VMware Workstation (HKLM\...\{F4C0A853-FA3B-4404-954B-799299EB5A98}) (Version: 12.1.1 - VMware, Inc.) Vocabulary Worksheet Factory 5 (HKLM-x32\...\{DCC3A680-485D-4C55-AEDE-A87483B99E54}) (Version: 5.0.20.4 - Schoolhouse Technologies) vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden WhatsApp (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WhatsApp) (Version: 0.2.8000 - WhatsApp) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation) WinDirStat 1.1.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WinDirStat) (Version: - ) Windows Driver Package - MediaTek Inc. (usbser) Ports (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.) Windows Driver Package - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.) Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation) WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wondershare Data Recovery(Build 5.0.3.13) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 5.0.3.13 - Wondershare Software Co.,Ltd.) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software) XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi) XiaoMiTool version 0.4.1 (HKLM-x32\...\{1A2DAE03-6903-4871-A909-237AB764A4B6}_is1) (Version: 0.4.1 - Francesco Tescari) Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.8.20150402 - Xilisoft) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\ChromeHTML: -> <==== ATTENTION ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] () ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.) ContextMenuHandlers1: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} => -> No File ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google) ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal) ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2016-04-14] (VMware, Inc.) ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-04-14] (VMware, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-16] (RealNetworks, Inc.) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.) ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google) ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-01-10] (Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.) ContextMenuHandlers6: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} => -> No File ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02170602-07F0-446E-8EF6-4FCF2D7FCE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {0FE1F78F-1F58-4105-9BDE-B3C6ED7DD4B2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {1A52B213-DA38-4CB7-BF83-8E1A4458448E} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-01-22] (AVG Technologies CZ, s.r.o.) Task: {217CAB11-5A88-4B6B-8196-A4DB24ADE963} - System32\Tasks\{B81634CD-E33F-477E-BE2A-01BA37F57777} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u77-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION Task: {268EAEAA-A07B-4AA6-9162-C427C41DEB1D} - System32\Tasks\Update\ProxyUpdate => C:\Windows\Prefetch\AVG_PCTuneUp.exe <==== ATTENTION Task: {2A4C739A-E4F7-4C74-AF24-3F7327C1C522} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe Task: {2D159C88-B96E-48E4-87F6-84431EADC166} - System32\Tasks\{FDB7A662-A7D5-4A80-88F5-8A1C522277DD} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u65-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION Task: {35541BD8-08B8-456E-977E-5ABF73EA6E11} - System32\Tasks\Intel(R) GPA Monitor 13.3 => C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe [2015-09-14] (Intel Corporation) Task: {3704F14D-700A-4BAE-A91E-66B9EA645E52} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO) Task: {3AE3FB84-1465-4EBA-B033-D42FECA4FA61} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {3B379C0B-3EAA-438B-BF2B-70A69A3F725C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd) Task: {3BD3C4D8-5152-4ABB-ACB9-F60AE7A8216E} - System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe Task: {44256EF3-D3FB-4FAB-B907-6740E3065266} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd) Task: {47B38BDB-0F7A-4FDB-9956-602A9CCBD69D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {4F68631E-92EC-4599-8299-E5B773FEE018} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO) Task: {582212B9-A012-48FD-915E-975D0E0ED486} - System32\Tasks\{276A30E3-DC17-4817-B9CF-7C12127C6DE2} => C:\Windows\system32\pcalua.exe -a C:\Users\Supermatt\Desktop\MiFlashUnlock_1.1.0317.1_en\MiUsbDriver.exe Task: {58526FD5-F666-4078-B306-47B0D26CB9AA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.) Task: {59BB5577-DD6F-4D2D-A725-2A3A440C2A0F} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO) Task: {5C1D53F2-A431-4D09-9788-5288219B42B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {62D1B557-2D88-412B-A8EE-670747BB8D9C} - \RealPlayer (32-bit) -> No File <==== ATTENTION Task: {7D57EBF5-3183-4D3C-B0D2-EE0509E50F84} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-03-14] (COMODO) Task: {8F4CF6A0-B45B-4E52-9009-C505F9D7A091} - System32\Tasks\COMODO CertSentry Updater => C:\Windows\system32\certsentry.exe [2015-04-17] (COMODO CA Limited) Task: {906A2DDB-F2B5-443F-A1FF-80906798196F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-03-14] (COMODO) Task: {9318C4DF-FB4C-4824-9DC9-A68C7E1F1356} - System32\Tasks\{68C7E2F1-CCB1-4233-86C7-DEDEADAC0D88} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microvirt\MEmu\uninstall\uninstall.exe" -c -u Task: {9EA43A95-A8CD-4975-B11A-748D6AC8948D} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2017-09-16] (RealNetworks, Inc.) Task: {A207CBFF-F373-4A2B-B8D7-218E07F1F27C} - System32\Tasks\{D7259A02-C46F-4BF8-AFFA-C68E495F17D5} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION Task: {A9EE4656-CBCB-40A3-AD82-BD7D16B21D4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {AC6746AC-3DDB-4151-A4FD-E07E2AE93159} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO) Task: {AFDA95AA-E786-438B-994E-9AF9C9915827} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {B0C50936-9A0B-408D-95D3-92E39A4583F2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.) Task: {B24A5D00-4852-4973-BF13-57FE01076CA3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-23] (Adobe Systems Incorporated) Task: {B9D978BB-B3D5-4B06-9602-D416B970ACE0} - System32\Tasks\SUPERAntiSpyware Scheduled Task c8d4cec7-3213-4dad-986f-f07cc5b45c2b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com) Task: {C9C4CB60-7785-4BFB-8AB1-7CEE5D431073} - System32\Tasks\{983DFDD9-AB89-45AD-8EFD-BAFE6774E08C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Security Task Manager\Setup.exe" -d "C:\Program Files (x86)\Security Task Manager" Task: {D2E424D9-CBBF-40E0-94DB-B3DCE6506001} - System32\Tasks\SUPERAntiSpyware Scheduled Task 21c10e27-ccfc-4374-ba01-ca0342dad29e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com) Task: {E00DAAA3-C20A-4AAA-B36F-38F78DE05BA1} - System32\Tasks\{8902A5A3-54A0-4BBF-892E-12ED7A2F33E5} => C:\Windows\system32\pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION Task: {E20FE766-DA34-4D12-92B8-EAA36B178DE7} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe Task: {E620F070-9DCA-4003-9542-72629F7DB336} - System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe Task: {F253961A-27C4-473E-BCE3-AC65C4E55B84} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2015-01-29] (Acer Incorporated) Task: {F9A4D47A-3C11-494D-9AB2-342BFBEAC2BB} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28] (Oracle Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 21c10e27-ccfc-4374-ba01-ca0342dad29e.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c8d4cec7-3213-4dad-986f-f07cc5b45c2b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Supermatt\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm ==================== Loaded Modules (Whitelisted) ============== 2017-08-29 05:56 - 2018-03-14 00:17 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll 2017-08-29 05:56 - 2018-03-14 00:17 - 000244416 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll 2009-09-21 15:04 - 2009-09-21 15:04 - 001501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2017-07-20 16:03 - 2017-09-07 15:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2013-10-17 11:23 - 2013-10-17 11:23 - 008866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-05-18 05:42 - 2016-05-18 05:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2010-06-25 09:08 - 2010-06-25 09:08 - 000173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2015-02-28 09:21 - 2015-12-25 15:28 - 001328632 _____ () C:\Program Files (x86)\DFX\DFX.exe 2015-02-28 09:14 - 2015-12-25 15:28 - 000133624 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe 2015-02-28 09:18 - 2015-12-25 15:28 - 000134648 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe 2015-02-28 09:48 - 2015-12-25 15:28 - 000051192 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll 2015-02-28 09:43 - 2015-12-25 15:28 - 000052216 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll 2018-04-19 10:59 - 2016-06-24 02:07 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\autoexec.bat:$CmdTcID [64] AlternateDataStreams: C:\Windows:nlsPreferences [386] AlternateDataStreams: C:\Windows\IsUninst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\BcmBtRSupport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\bdsandboxuh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bdsandboxuiskin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\btwdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNC280C.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNC280I.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNC280L.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNC280O.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNMIUAA.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNMLMAA.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\difx64.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\E_IBCBGGI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gfxSrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\GfxUI.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hccutils.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\hkcmd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ig4icd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igd10umd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igdumd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxcmjit64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxcmrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxCoIn_v2993.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IGFXDEVLib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxdo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxexps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxpers.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxpph.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrara.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrchs.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrcht.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrcsy.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrdan.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrdeu.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrell.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrenu.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxresn.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxress.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrfin.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrfra.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrheb.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrhrv.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrhun.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrita.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrjpn.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrkor.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrnld.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrnor.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrplk.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrptb.lrc:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\igfxrptg.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrrom.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrrus.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrsky.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrslv.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrsve.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrtha.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxrtrk.lrc:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxsrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igfxTMM.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\igfxtray.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IntcDAuC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek264.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxAudioVnA64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxAudioVnN64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RtkAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTKSMlfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTKSMSettingsIPC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SupportTool.exe.bat:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SynCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SynCtrl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SynGlwPadShlExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SynTPAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SynTPCo8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmnetbridge.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vnetinst.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CNC280L.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CNC280U.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ig4icd32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igd10umd32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igdumd32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igdumdx32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igfxcmjit32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igfxcmrt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igfxdv32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igfxexps32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MaxxAudioAPOShell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Microsoft Toolkit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ReWire.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\subinacl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SynCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SynCtrl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SynTPCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SynTPEnhPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ViewPDF01.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vorbis.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wPDFView01.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\androidusb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\aswTap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bcbtums.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\btwaudio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\btwl2cap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\btwrchid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\CisUtMonitor.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cmnxusbser.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cnnctfy3.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dfx11_1x64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dfx12x64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iaStorF.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\IntcDAud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\IntelHaxm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\k57nd60a.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\kbfilter.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\leusbser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndiskhaz.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\SynTP.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tapSF0901.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tmactmon.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TMEBC64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tmeevw.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tmevtmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tmnciesc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tmusa.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TosBtCi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tosporte.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbnp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tosrfcom.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Tosrfhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tosrfnds.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TosRfSnd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tosrfusb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TurboB.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSB.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmnetadapter.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmnetbridge.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wcmvcam64.sys:$CmdTcID [64] AlternateDataStreams: C:\ProgramData\cis28B.exe:$CmdTcID [64] AlternateDataStreams: C:\ProgramData\cis6DFC.exe:$CmdTcID [64] AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [169] AlternateDataStreams: C:\Users\Supermatt\Desktop\vhdfull.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Desktop\vhdfull.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\1-100 pic.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\1-75.png:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\1. Chairein.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\1. DEO (1).docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\1. DEO.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\10. MICHAEL.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\12. BILLY.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\13. SAMANTHA.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\2. HENOKH.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\2. Michelle - English.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\2. Michelle.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\2013macros (1).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\2013macros (1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104 (1).pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\20160105.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\20160113.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\2337_the_simple_past_tense.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\3. ALFEUS.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\31785_whats_the_weather_like.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\32186_jobs__occupations.ppt:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\3650559416010026653.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\4. VICTORIA.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\43_____Macmillan_English_Grammar_in_Context__gnv__..torrent:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\461785816034XXXX.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\4745_the_present_perfect_tense.pptx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\488939-images-of-soccer-field.jpeg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\5. SHALOM.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX (1).pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\6 Kung Fu Secrets for Flexibility & Higher Kicks.mp4:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\6. CECILIA.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\67Grammar_Games_For_Children______..torrent:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\7. JASON'S.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\7010296916010026635.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\8. NATHAN.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\8m05bb36g04.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\9. SEBASTIAN (1).docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\9. SEBASTIAN.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\9. THIERY.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\AC07911_setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\AC07911_setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\adjectives.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\All MTK USB Driver 2014.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Analytic-Rubric-Template.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\ANSWER SHEET GRADE 4-6 TEST 1 SEMESTER 2 2017.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions (1).pptx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions (2).pptx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions.pptx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\A_Better_Camera_Unlocked_v3.31.TROJAN.ONHAX.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Bible 2.jpeg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Bible.jpeg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Blood Moon Rise.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Bluetooth_Broadcom_6.3.0.6000_W7x64_A.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\book on a desk.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy and girl talking.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy in a musem.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy soldier.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\boy-girl- Hello.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\brickman.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\C._K.Chu_-_The_Book_of_Nei_Kung_1st_ed.pdf.torrent:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\calibre-64bit-2.38.0.msi:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Cameyo.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\Cameyo.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\can-you-tell-me-the-way.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\CAT B GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\cat in a box.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160118_0055794802.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160418_0060467347.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\ccsetup512_slim.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\ccsetup512_slim.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\ChromeSetup.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Supermatt\Downloads\ChromeSetup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript (1).doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\cn+v5-8gb.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\coherence-cohesion.ppt:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\com.nuance.swype.trial_2.1.0.2010030.41841-2010030_minAPI14(armeabi)(nodpi).apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Connect2Portal.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\Connect2Portal.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Cows can't do that.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Crazy katy.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\CryptoPreventSetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\CryptoPreventSetup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\cu31924031764594.epub:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\D467_Storytelling_handbook_FINAL_web.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\DCUO_setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\DCUO_setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\demonstrative-pronouns.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\DOSBox-0.74-install.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\DOSBox-0.74-install.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\DriverBackupAxioo9G.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\drove a car.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Dungeon Master II - The Legend of Skullkeep.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\dungeon-master-2.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2-w-instructions.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\EC FINALTEST MAY 2015.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\english-pronouns.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\English_Grammar_in_Use_rd_Edition_CD___Demonoid.com___..torrent:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\EQ_setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\EQ_setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20093122229851430194.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2009521133639530074079.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20096719959341029384.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201021914855766628530.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201022401613547116161.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201098125924964636505.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2011629165151324736806.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201421402831610.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2016122233302070.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016 (1).pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_04192016.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\EXE.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\EX_Kernel_Manager_2.55.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part1.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part2.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\F8CB.tmp:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\Family Sturcture.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\FBFBBBAD0DD7E14D41B8610E16DD97E18AFDD350.torrent:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\FE Advanced - the MoonX.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\ffmpeg-win-2.2.2.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\ffmpeg-win-2.2.2.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Fire Resque.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\FL_SM_v2.0.1[Androidiha.com].apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\fragment.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\FRX07.1_Full_Bundle_20110901.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_1.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_2.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_1.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_2.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Fundamentals_of_English_Grammar-Teacher_s_Guide_0130136344.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\fvp_setup_2.0.1.163fi.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\fvp_setup_2.0.1.163fi.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\GBX0A_Full_Bundle_11.3.2011.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Girl and Boy talking.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Globe1.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist (1).doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist (1).doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 5- 6 SPELLBEE 2015.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\guitar-sale-poster.png:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\hard work.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to go to the dentist.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to take out the trash.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Hobbies.png:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Holistic-Rubric-Template.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\HostsMan_4.6.103_installer.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\House burn.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Hubble space from NASA.Gov.jpeg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\HxDSetupEN.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\IDM Integration Extention.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\IDM.6.25.Build.12-Maherz.softarchive.net.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\idman.6.26.2f.softarchive.la.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\idman625build12.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\idman625build12.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\IDMGCExt.crx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh.mp3:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh_Adonai_(Hebrew)_Elisheva_Shomron_(w_lyrics).mp3:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Kernel.VHD.12.06.01.softarchive.net.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\kernel_injector.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Lame_v3.99.3_for_Windows.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\Lame_v3.99.3_for_Windows.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Lazy guy.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Lenovo-P780-ReParted-0.2.2-ID-EN-Aroma.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\listening test 1 semester 2 grade 7 - 9 2016 - 2017.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\little-girl-in-museum.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\making-words-negative-verbs.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\man-falling-down-stairs1.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\manual.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\map_places-in-town.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\MediaCreationTool.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\MediaCreationTool.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\MEGA-RECOVERYKEY.txt:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Men can't do that.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\meteos-mtk6589-rom-edit-8gb-en.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\MicrosoftFixit50641.msi:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\MiFlashUnlock_1.1.0317.1_en.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\mintywhite-1003-fonts-megapack.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\MiPhone20151028.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\MiPhone20151028.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Mounts2SD-3.4.8-unlocked.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\MSTK.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\MT65xx-Port-Lewa.7z:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\MTK6589_Partition_4GB_8GB_16GB.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\mysteries.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\never drove a car.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\never rode a horse.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\NewGoogleInstaller2.0MS.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\NewKingrootV4.82_C138_B250_en_release_2016_03_09_105203.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\numbers.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Old man boarding.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\P780ROW_8Gb_ReParted_Data_no_int_sd_no_backup.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Paramedic help.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\paraphrasing plant cycle-6.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\parts-of-a-plant.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Patch_V6-2015-07-01.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\PATRICIA1812_503535968.CSV:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\People can't do that.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\plant-vocabulary-worksheet.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment 2.png:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\produkey-x64.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Puppy for sale.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\puppy under a tree.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Pure_Graphic_HD_Tweak.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Reflex_Bow-Pleasure_Paradox-GApps-ODEX-saga.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Rem-VBSworm.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\Rem-VBSworm.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\REMA-TIP-TOP-SC2000-Cement-Bonding-Procedures-Rev4.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Remix_OS_for_PC_Android_M_64bit_B2016112101.torrent:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Rode a horse.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\row+v5-8gb.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\RUGOS_0.TTF:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Rules.png:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Samuel.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Santo (Kadosh) .mp3:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\scaryman.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\ScatterEditor_v1.06.7z:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Scatter_files_4GB_and_8GB.7z:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Seeder-2.0.0.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1040.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1106.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\SHAREitLENOVOSUPPORT.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\SHAREitLENOVOSUPPORT.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Sharp dressed man.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\SileadTouch.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\SILVA-Sniper.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\simple present tense daily routines exercises worksheet.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-1 (1).docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-2.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS (1).doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\souvenirs.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\spelling bee word list.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\stack-mvp-membership-resources-6ae8.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\sunrise_182853.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\SUPERAntiSpyware.Pro.6.0.1212.sanet.me.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\superbeam-setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\swimming.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Talking together.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\test 1 semester 2 grade 4-9 2016-2017 (1).docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\test 1 semester 2 grade 4-9 2016-2017.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\test3-openrecovery-TWRP-saga-2.8.1.2-unofficial.img:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\The Middle East in Jesus Day.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\toporesize-0.7.1.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\touch-driver-win8-10.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\TPDriver.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-client-3.33.1409.0.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-client-3.33.1409.0.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-studio-17.0.794.1.msi:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.4.0rev2-p780row.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.7.1rev1-p780row+.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\UAPM-1.41.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\ubuntu-14.04.4-desktop-i386.iso.torrent:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Unconfirmed 820659.crdownload:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\unit-3.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Universal_Extractor (1).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\Universal_Extractor (1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\UPDATE-SuperSU-v2.46.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\UWT.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\VHDTool.w32.1.0-b1.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\vhdxtool.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\vhdxtool.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\WeatherMonitor.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\well dressed girl.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\What's your name.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\Win.KMS.Activator.Ultimate.2016.3.0.softarchive.la.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\WinDroid 7 (GGT) 09-04-2016 0-18-37.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup (1).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup (1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\x-demonoidcom-x_over_70_english_grammar_and_writing_books_5100102926.torrent:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\xposed-v80-sdk22-arm64-MIUI-edition-by-SolarWarez-20160217.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\XposedInstaller_3.0_alpha4.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Supermatt\Downloads\[limetorrents.cc]Malwarebytes.Anti-Malware.Premium.2.1.8.1057.Multilingual...KeyGen.by.FFF.torrent:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %* ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\sony.com -> sony.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-09-12 23:18 - 2016-12-17 00:32 - 000000697 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 license.superantispyware.com 127.0.0.1 tonec.com 127.0.0.1 http://www.tonec.com 127.0.0.1 internetdownloadmanager.com 0.0.0.0 license.superantispyware.com 0.0.0.0 keystone.mwbsys.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.3.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: DragonSvc => 3 MSCONFIG\Services: FlexNet Licensing Service 64 => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: RealPlayerUpdateSvc => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk" HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk" HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "ADSKAppManager" HKLM\...\StartupApproved\Run32: => "PowerDVD12DMREngine" HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent" HKLM\...\StartupApproved\Run32: => "ISUSPM" HKLM\...\StartupApproved\Run32: => "MagicPlusHelper" HKLM\...\StartupApproved\Run32: => "TkBellExe" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "RealDownloader" HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "DAEMON Tools Pro Agent" HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "ISUSPM" HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "Messenger (Yahoo!)" HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "GoogleDriveSync" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{219A26F1-820B-49F7-B661-6C4E6944FC2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{AAAA85EC-D718-47C9-879C-CDA8579CEFF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{705D0812-999F-4EF8-8025-FFA528D0E6D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{80E07C3D-27C6-47CF-8574-218C777634AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{9848B36B-2273-4286-BF90-C2B5466218E2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe FirewallRules: [{6F5EA031-9D3E-4CB9-8F7D-9A40E84582ED}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe FirewallRules: [{87BC4FC3-2EB9-476F-9BB0-DE43EC4B3C67}] => (Allow) LPort=26675 FirewallRules: [TCP Query User{9DAF9614-B9CF-4360-BDF7-6B2C919C1F08}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe FirewallRules: [UDP Query User{5E34C749-0653-4A6F-A3E0-A49DEAA7974D}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe FirewallRules: [{3754294B-8BC5-409F-B742-3D4DB2D82D78}] => (Allow) LPort=51001 FirewallRules: [{CE38EE3F-28BE-444A-A851-C14A7EEE0DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{8A0746D9-2F0D-4D23-A0EB-85FB8C59C068}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{0B2529E6-9DCF-451A-B3F5-1A29AFC0D005}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2968D884-222C-4949-BA1D-5AE2871B37FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{717759C5-69C3-4E26-B94C-3195D192A090}] => (Allow) LPort=51001 FirewallRules: [TCP Query User{79F7CDED-6AC6-4D56-A3FF-0993692193FC}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe FirewallRules: [UDP Query User{7C74F8CF-3178-4E87-8461-C3E22F58B130}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe FirewallRules: [{C5604AA7-992D-4CCB-8CEB-0F774590582D}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe FirewallRules: [{85E81382-982E-4DC7-9488-F0B13DBE20CC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{0022D6B1-7412-4FA2-B941-CC9CC80AF313}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{AAF0200E-A99F-484B-88DD-31680040AB7C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{AC0B44C7-FB73-499A-A74A-537201C64AA8}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{FD1E42B2-3866-4BC7-B7CC-2E4EFA78BBAB}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe FirewallRules: [{A8C5307B-204A-4D37-AB9D-B92A42C31853}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{FB183F9E-6CEC-4CBF-B482-D0647D4D7F83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{9E6A5106-9A61-419D-8BD2-BC947901BB3D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{56C037E2-0A93-42E4-9547-FC027885C4A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{6C1857C7-8DD9-4830-A921-AB9EFE6799DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{F20B86A7-CAC9-4BF8-8B0C-FF956FA04AD7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [TCP Query User{1794799F-581F-4D42-A2EA-8107C64E181E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe FirewallRules: [UDP Query User{1D2BD891-2C37-4825-9E90-86328CF4945E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe FirewallRules: [{D582C995-C7C4-45BC-80B6-D9EC290B85D2}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe FirewallRules: [{5C2A35BE-D115-46D0-81DE-4FDC493A134C}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe FirewallRules: [{D3A755B2-C040-419E-BB8D-5A0E1A85A434}] => (Allow) LPort=8080 FirewallRules: [{02FFB931-CD4D-4B17-BDA6-D75E1BB10A7E}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe FirewallRules: [{27D72650-BB1A-456A-B524-C7BEAED4FAF9}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe FirewallRules: [{286DC3F0-C4B8-419E-9431-C1A34A1B4656}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe FirewallRules: [{8339AEBF-2F6E-4822-A7D0-9CD7FD90361B}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe FirewallRules: [{60BC5D15-6BDE-48CE-A1F3-220D15C2DFDD}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe FirewallRules: [{6A17B749-DC74-46E5-9372-143DA0658AF0}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe FirewallRules: [{D1255087-7376-482A-9997-246634CE9C89}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe FirewallRules: [{3288B3B5-C77A-4E44-8B9A-3380D4679FBF}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe FirewallRules: [{6E2601F2-02AB-4D75-BE72-ED4D258538E9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{FEE5923B-4360-48B6-8921-ADF4A4D7FF64}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{22A4CDB9-0712-421B-A4F5-47328E5673E2}] => (Allow) LPort=7935 FirewallRules: [{6FDEC213-17B7-449F-A107-AA36C0B3CB02}] => (Allow) C:\Windows\SysWOW64\router.exe FirewallRules: [TCP Query User{B0CA7870-EE47-4CD0-AE1D-840F0019323E}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe FirewallRules: [UDP Query User{A35E3EB5-8AE3-4C09-A4DB-024B80BCD2A4}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe FirewallRules: [TCP Query User{7294E9ED-8FF7-43D3-B62D-640521C54937}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe FirewallRules: [UDP Query User{D1388B3A-DDC7-416E-BAB4-993690A1BF3A}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe FirewallRules: [{D8368476-864A-4ECA-B099-C05D851CB68D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2621560F-4D18-498B-87A1-57AF8CE63EA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A8C91258-814D-4C2C-93F4-84E16EFC64ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4FFFDBAD-5CAD-4679-B3B0-E93DC90FC6AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BE2522F0-A7BC-429B-A14D-6ADF52657A8E}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe FirewallRules: [{CF44B602-D564-4384-B8C6-565D3BD0C9D6}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe FirewallRules: [{CC846382-CC29-4046-A8DB-D39D3375CC9D}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe FirewallRules: [{60CB4EC5-7966-44CA-999C-4E623543290A}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe FirewallRules: [{48B2E9D5-9083-4DAB-9A59-8CC242D86704}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe FirewallRules: [{5E3F9622-3508-450F-9C87-5FF416430443}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe FirewallRules: [{526BD3DF-653B-4ABD-93DA-0A65DCEBC387}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe FirewallRules: [{11C51389-8697-4972-83E3-0DA53541B953}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe FirewallRules: [{8C089F28-6842-444C-8022-39AC99CAE226}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe FirewallRules: [{91A56486-9729-4326-9EFA-432BB85D8F21}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe FirewallRules: [{0A90557A-DA7B-477D-B9A2-32ABC7026234}] => (Allow) LPort=17234 FirewallRules: [{F724E459-45E6-4AD0-98CB-50B4B5068122}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe FirewallRules: [{0EA1ACAC-67E7-4B25-B10C-AB3D7AC8B4FB}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe FirewallRules: [{291BBA65-4AB4-458E-B33B-0C37F2CF719B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{F791C0A0-D5CE-407D-BD89-D525C9CAEFA1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{90BA8D38-E7A8-4830-9CDB-DCF48A6894E3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{BCB8BD7E-2521-4551-96F6-3D99F8A624C5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{7D8BFB07-6AF2-4380-8E48-FD2B18D910F6}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe FirewallRules: [{6418B01D-8DFA-4722-8942-AF673C661486}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy FirewallRules: [{592A0725-5F25-40EF-9DB3-7C6E823657E0}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe FirewallRules: [{7109E65B-E4A1-4B09-8A8C-C7A4D7C00EA1}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe FirewallRules: [{02FE2634-D65F-4430-B855-A78C6BAE88FD}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe FirewallRules: [{D8BE8888-629A-4AFA-B6E0-75E40B4E3F23}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{8AE424B6-BFB7-455B-AE17-5D821A455C6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{EC9EB48D-E841-4687-B421-45BCD07D0EC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{8A3BF257-E86D-4A8D-945A-F475DAF09348}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe FirewallRules: [{A519E786-F885-47A0-AC8C-2AA235288156}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy FirewallRules: [{F6C97284-8D40-4FC7-BC40-75B818AA48DA}] => (Allow) LPort=8080 FirewallRules: [{D1D458A2-2D9D-4467-B5AD-6FBE36B636DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 04-05-2018 14:53:23 Buddy safe 04-05-2018 16:34:55 Windows Backup ==================== Faulty Device Manager Devices ============= Name: memudrv Description: memudrv Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: memudrv Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Microsoft Virtual WiFi Miniport Adapter Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/07/2018 01:52:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (05/07/2018 01:37:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (05/06/2018 05:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (05/05/2018 11:51:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (05/05/2018 05:47:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (05/05/2018 05:33:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (05/05/2018 04:24:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (05/05/2018 03:12:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f58 Start Time: 01d3e4482c769914 Termination Time: 13 Application Path: C:\Windows\system32\mmc.exe Report Id: 9322a4fc-503b-11e8-880e-f07bcbf0f62a System errors: ============= Error: (05/07/2018 02:02:47 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. Error: (05/07/2018 01:54:01 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. Error: (05/07/2018 01:53:44 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. Error: (05/07/2018 01:51:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WebcamMax, WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (05/07/2018 01:51:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The memudrv service failed to start due to the following error: The system cannot find the path specified. Error: (05/07/2018 01:48:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Security Center service terminated with the following error: The authentication service is unknown. Error: (05/07/2018 01:47:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (05/07/2018 01:47:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. CodeIntegrity: =================================== Date: 2017-11-12 23:12:24.098 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-12 23:12:23.973 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-12 23:04:32.628 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-12 23:04:32.581 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-05 22:49:57.890 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-05 22:49:57.827 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-05 15:02:37.109 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-05 15:02:36.953 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz Percentage of memory in use: 34% Total physical RAM: 5812.5 MB Available physical RAM: 3834.38 MB Total Virtual: 11952.71 MB Available Virtual: 9650.7 MB ==================== Drives ================================ Drive c: (Disk4) (Fixed) (Total:529.09 GB) (Free:234.32 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (Disk2) (Fixed) (Total:402.32 GB) (Free:168.33 GB) NTFS Drive m: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:357.14 GB) NTFS \\?\Volume{05205e46-78e8-11e3-9a7e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 01C54DC0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=402.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=529.1 GB) - (Type=0F Extended) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C03BCFB4) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================