Fail to remove rootkit [Solved]

rootkit

  • This topic is locked

#1
samidelcueva


I've got infected by a rootkit that was detected by TDSSKiller several times (I attach the logs), but my computer still freezes, and I can't access Avast.

 

Thanks for the help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Ran by samuel (administrator) on DESKTOP-REU8NRJ (16-05-2016 14:43:06)
Running from C:\Users\samuel\Desktop
Loaded Profiles: samuel (Available Profiles: samuel)
Platform: Windows 10 Home Version 1511 (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\syswow64\esif_uf.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2015-07-29] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [14679464 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-16] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2016-05-11] (Atheros Communications)
HKU\S-1-5-21-3690298984-718693576-1200642337-1001\...\RunOnce: [Uninstall C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-16] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{7359337a-7816-4a0e-9985-e1d2c61bc22c}: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
Internet Explorer:
==================
 
FireFox:
========
FF ProfilePath: C:\Users\samuel\AppData\Roaming\Mozilla\Firefox\Profiles\3cr0p7ei.default
FF Extension: LastPass - C:\Users\samuel\AppData\Roaming\Mozilla\Firefox\Profiles\3cr0p7ei.default\extensions\[email protected] [2016-05-11]
FF Extension: HTTPS-Everywhere - C:\Users\samuel\AppData\Roaming\Mozilla\Firefox\Profiles\3cr0p7ei.default\extensions\[email protected] [2016-05-11]
FF Extension: Privacy Badger - C:\Users\samuel\AppData\Roaming\Mozilla\Firefox\Profiles\3cr0p7ei.default\Extensions\[email protected] [2016-05-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-16] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-05-16] (AVAST Software)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2304184 2016-03-30] (Comodo)
R2 DptfParticipantDisplayService; C:\Windows\System32\DptfParticipantDisplayService.exe [141944 2015-07-29] (Intel Corporation)
S2 DptfParticipantProcessorService; C:\Windows\System32\DptfParticipantProcessorService.exe [115656 2015-07-29] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\System32\DptfPolicyConfigTDPService.exe [116680 2015-07-29] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\System32\DptfPolicyCriticalService.exe [148160 2015-07-29] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\System32\DptfPolicyLpmService.exe [124904 2015-07-29] (Intel Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1394360 2015-10-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-29] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-05-12] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AntiLog32; C:\WINDOWS\system32\drivers\AntiLog64.sys [49752 2016-05-11] (Zemana Ltd.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-16] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-16] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-08-09] (ASUS Corporation)
S3 BrSerIf; C:\Windows\System32\drivers\BrSerIf.sys [97280 2015-11-15] (Brother Industries Ltd.)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2015-07-29] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2014-09-15] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2014-09-15] (Intel Corporation)
S3 DptfDevGen; C:\Windows\System32\drivers\DptfDevGen.sys [78504 2014-09-15] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2014-09-15] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2014-09-15] (Intel Corporation)
S3 DptfDevProc; C:\Windows\System32\drivers\DptfDevProc.sys [290256 2014-09-15] (Intel Corporation)
S3 DptfManager; C:\Windows\System32\drivers\DptfManager.sys [495320 2014-09-15] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-10-04] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-10-04] (Intel Corporation)
S3 HWHandSet; C:\Windows\System32\drivers\hw_quusbmdm.sys [223232 2015-11-01] (Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\Windows\System32\drivers\hw_usbdev.sys [116864 2015-11-01] (Huawei Technologies Co., Ltd.)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [46856 2015-07-30] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [132360 2015-10-04] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2015-07-26] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2015-07-26] (Intel Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-05-12] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-12] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-04] (Intel Corporation)
R3 necbatt; C:\Windows\System32\drivers\necbatt.sys [28512 2015-10-02] (NEC Personal Computers, Ltd.)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-05-16] (AVAST Software)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 ssudserd; C:\Windows\System32\drivers\ssudserd.sys [206080 2015-11-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [143592 2015-08-14] (STMicroelectronics)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 14:43 - 2016-05-16 14:44 - 00013139 _____ C:\Users\samuel\Desktop\FRST.txt
2016-05-16 14:42 - 2016-05-16 14:43 - 02382336 _____ (Farbar) C:\Users\samuel\Desktop\FRST64.exe
2016-05-16 14:10 - 2016-05-16 14:10 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-05-16 14:10 - 2016-05-16 14:09 - 00161760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2016-05-16 14:03 - 2016-05-16 14:03 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2016-05-16 14:03 - 2016-05-16 14:03 - 00001969 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2016-05-16 14:03 - 2016-05-16 14:03 - 00000000 ____D C:\Users\samuel\AppData\Roaming\AVAST Software
2016-05-16 14:02 - 2016-05-16 14:37 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-05-16 14:02 - 2016-05-16 14:01 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-05-16 14:02 - 2016-05-16 14:01 - 00536312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2016-05-16 14:02 - 2016-05-16 14:01 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-05-16 14:02 - 2016-05-16 14:01 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-05-16 14:02 - 2016-05-16 14:01 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-05-16 14:02 - 2016-05-16 14:01 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-05-16 14:02 - 2016-05-16 14:01 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-05-16 14:02 - 2016-05-16 14:01 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-05-16 14:02 - 2016-05-16 14:01 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-05-16 14:02 - 2016-05-16 14:01 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-05-16 14:01 - 2016-05-16 14:01 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-05-16 13:59 - 2016-05-16 14:10 - 00000000 ____D C:\Program Files\AVAST Software
2016-05-16 13:58 - 2016-05-16 14:10 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-16 13:55 - 2016-05-16 13:55 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2016-05-16 13:50 - 2016-05-16 13:58 - 05139680 _____ (AVAST Software) C:\Users\samuel\Desktop\avast_premier_antivirus_setup_online.exe
2016-05-16 13:50 - 2016-05-16 13:58 - 05139680 _____ (AVAST Software) C:\Users\Public\Desktop\avast_premier_antivirus_setup_online.exe
2016-05-12 15:33 - 2016-05-12 15:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-12 15:29 - 2016-05-12 15:29 - 22851472 _____ (Malwarebytes ) C:\Users\samuel\Desktop\mbam-setup-downloaded.exe
2016-05-12 15:29 - 2016-05-12 15:29 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-12 15:29 - 2016-05-12 15:29 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-12 15:29 - 2016-05-12 15:29 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-12 15:29 - 2016-05-12 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-12 15:29 - 2016-05-12 15:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-12 15:29 - 2016-05-12 15:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-12 15:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-12 15:26 - 2016-05-12 15:28 - 00267194 _____ C:\TDSSKiller.3.1.0.9_12.05.2016_15.26.09_log.txt
2016-05-12 15:22 - 2016-05-12 15:24 - 00260926 _____ C:\TDSSKiller.3.1.0.9_12.05.2016_15.22.01_log.txt
2016-05-12 15:18 - 2016-05-12 15:20 - 00265812 _____ C:\TDSSKiller.3.1.0.9_12.05.2016_15.18.54_log.txt
2016-05-11 21:37 - 2016-05-11 21:37 - 11439791 _____ C:\WINDOWS\system32\boot_BASE+CSWITCH_1.cab
2016-05-11 21:36 - 2016-05-11 21:37 - 118489088 _____ C:\WINDOWS\system32\boot_BASE+CSWITCH_1.etl
2016-05-11 21:21 - 2016-05-11 21:21 - 11087153 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_6.cab
2016-05-11 21:20 - 2016-05-11 21:20 - 88080384 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_6.etl
2016-05-11 21:16 - 2016-05-11 21:16 - 08480007 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_5.cab
2016-05-11 21:15 - 2016-05-11 21:15 - 93323264 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_5.etl
2016-05-11 21:05 - 2016-05-11 21:05 - 07266509 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_4.cab
2016-05-11 21:04 - 2016-05-11 21:05 - 90177536 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_4.etl
2016-05-11 20:59 - 2016-05-11 20:59 - 08798688 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_3.cab
2016-05-11 20:57 - 2016-05-11 20:58 - 176160768 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_3.etl
2016-05-11 20:55 - 2016-05-11 21:42 - 00000000 ____D C:\Users\samuel\AppData\Local\CrashDumps
2016-05-11 20:41 - 2016-05-11 20:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-05-11 18:38 - 2016-05-11 19:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 18:38 - 2016-05-11 18:38 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 18:20 - 2016-05-11 18:20 - 04906118 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.cab
2016-05-11 18:19 - 2016-05-11 18:19 - 92274688 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.etl
2016-05-11 18:10 - 2016-05-11 18:10 - 03318563 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.cab
2016-05-11 18:09 - 2016-05-11 18:09 - 125829120 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.etl
2016-05-11 15:45 - 2016-05-11 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-05-11 15:45 - 2016-05-11 15:45 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-05-11 15:43 - 2016-05-11 15:43 - 01192976 _____ (Microsoft Corporation) C:\Users\samuel\Downloads\sdksetup.exe
2016-05-11 15:41 - 2016-05-11 15:41 - 06775650 _____ C:\Users\samuel\Downloads\DPTF_Intel_Win81_64_VER7102105.zip
2016-05-11 15:40 - 2016-05-11 15:40 - 02718645 _____ C:\Users\samuel\Downloads\SerialIO_Intel_Win81_64_VER111650.zip
2016-05-11 15:40 - 2016-05-11 15:40 - 01798575 _____ C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER849014.zip
2016-05-11 15:39 - 2016-05-11 15:39 - 01816892 _____ C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER8490116.zip
2016-05-11 15:32 - 2016-05-11 15:32 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Atheros
2016-05-11 15:32 - 2016-05-11 15:32 - 00000000 ____D C:\ProgramData\Atheros
2016-05-11 15:24 - 2016-05-11 15:24 - 00000000 ____D C:\Users\samuel\Documents\Bluetooth Folder
2016-05-11 15:23 - 2016-05-12 15:20 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2016-05-11 15:23 - 2016-05-11 15:28 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2016-05-11 15:22 - 2016-05-11 15:22 - 00000000 ____D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2016-05-11 15:13 - 2016-05-11 15:13 - 00000000 ____D C:\Users\samuel\Documents\Mis archivos recibidos
2016-05-11 15:10 - 2016-05-11 15:12 - 99066375 _____ C:\Users\samuel\Downloads\Bluetooth_QualcommAtheros_Win81_64_VER801318.zip
2016-05-11 15:10 - 2016-05-11 15:12 - 38942651 _____ C:\Users\samuel\Downloads\Bluetooth_Intel_Win81_64_VER3113110402.zip
2016-05-11 15:10 - 2016-05-11 15:11 - 33628697 _____ C:\Users\samuel\Downloads\Buletooth_Intel_Win81_64_VER17014050464.zip
2016-05-11 15:00 - 2016-05-11 15:00 - 00000032 _____ C:\WINDOWS\0
2016-05-11 15:00 - 2016-05-11 15:00 - 00000000 ____D C:\Program Files (x86)\Ralink Corporation
2016-05-11 15:00 - 2016-05-11 15:00 - 00000000 _____ C:\WINDOWS\system32\0
2016-05-11 14:56 - 2016-05-11 14:56 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2016-05-11 14:55 - 2016-05-11 14:55 - 03892224 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2016-05-11 14:55 - 2016-05-11 14:55 - 00000000 ____D C:\WINDOWS\Options
2016-05-11 14:55 - 2014-03-25 22:51 - 00092643 ____N C:\WINDOWS\system32\athwbx.cat
2016-05-11 14:54 - 2016-05-11 14:54 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
2016-05-11 14:53 - 2016-05-11 14:58 - 131795316 _____ C:\Users\samuel\Downloads\WiFi_Intel_Win81_64_VER17015.zip
2016-05-11 14:53 - 2016-05-11 14:54 - 41429300 _____ C:\Users\samuel\Downloads\WLAN_QualcommAtheros_Win81_64_VER1000287.zip
2016-05-11 14:52 - 2016-05-11 14:58 - 00382212 _____ C:\WINDOWS\system32\Drivers\FW7650.bin
2016-05-11 14:52 - 2016-05-11 14:52 - 00000000 ____D C:\ProgramData\Ralink Driver
2016-05-11 14:52 - 2014-04-21 16:29 - 00382212 _____ C:\WINDOWS\SysWOW64\Drivers\FW7650.bin
2016-05-11 14:50 - 2016-05-11 14:51 - 25597605 _____ C:\Users\samuel\Downloads\WLAN_Ralink_Win81_64_VER50470.zip
2016-05-11 14:49 - 2016-05-11 15:04 - 00000000 ____D C:\ProgramData\USBChargerPlus
2016-05-11 14:45 - 2016-05-11 14:45 - 00003104 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2016-05-11 14:39 - 2016-05-16 14:40 - 00000431 _____ C:\Users\samuel\AppData\Roaming\sp_data.sys
2016-05-11 14:39 - 2016-05-11 14:39 - 00003060 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2016-05-11 14:33 - 2016-05-11 14:34 - 07082490 _____ C:\Users\samuel\Downloads\Splendid_Win81_64_VER3010003.zip
2016-05-11 14:33 - 2016-05-11 14:33 - 11383528 _____ C:\Users\samuel\Downloads\USBChargerPlus_Win81_64_VER319.zip
2016-05-11 14:33 - 2016-05-11 14:33 - 00160580 _____ C:\Users\samuel\Downloads\KBFilter_Win81_64_VER1005.zip
2016-05-11 14:33 - 2016-05-11 14:33 - 00000000 ____D C:\Program Files (x86)\ST Microelectronics
2016-05-11 14:32 - 2016-05-11 14:32 - 00000000 ____D C:\Program Files\ASUS
2016-05-11 14:31 - 2016-05-11 14:32 - 24661004 _____ C:\Users\samuel\Downloads\HDDProtection_Win81_64_VER4070057.zip
2016-05-11 14:31 - 2016-05-11 14:31 - 06365995 _____ C:\Users\samuel\Downloads\ASUS_FlipLock_Win81_64_VER105.zip
2016-05-11 14:30 - 2016-05-11 14:30 - 11642209 _____ C:\Users\samuel\Downloads\BackTracker_Win81_64_VER309.zip
2016-05-11 14:29 - 2016-05-11 14:30 - 34556270 _____ C:\Users\samuel\Downloads\SmartGesture_Win81_64_VER2219.zip
2016-05-11 14:23 - 2016-05-11 14:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-11 14:15 - 2016-05-11 14:15 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 14:15 - 2016-05-11 14:15 - 00000000 ____D C:\ProgramData\AmUStor
2016-05-11 14:15 - 2016-05-11 14:15 - 00000000 ____D C:\Program Files (x86)\AmUStor
2016-05-11 14:14 - 2016-05-11 14:14 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 14:14 - 2016-05-11 14:14 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 14:14 - 2016-05-11 14:14 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 14:14 - 2016-05-11 14:14 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 14:14 - 2016-04-22 20:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 14:14 - 2016-04-18 16:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 14:12 - 2016-05-11 14:18 - 149382687 _____ C:\Users\samuel\Downloads\VGA_Intel_MSHybrid_Win81_64_VER101810349601.zip
2016-05-11 14:12 - 2016-05-11 14:13 - 16382199 _____ C:\Users\samuel\Downloads\CardReader_Alcor_Win81_64_VER2041011743857.zip
2016-05-11 14:11 - 2016-05-11 14:22 - 362930299 _____ C:\Users\samuel\Downloads\VGA_nVidia_Win81_64_VER918133311.zip
2016-05-11 14:07 - 2016-05-11 14:10 - 125225427 _____ C:\Users\samuel\Downloads\VGA_Intel_Broadwell_Win81_64_VER1018144112.zip
2016-05-11 14:06 - 2016-05-11 14:06 - 13335403 _____ C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034(1).zip
2016-05-11 07:54 - 2016-05-11 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-05-11 07:54 - 2016-05-11 07:54 - 00003646 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2016-05-11 07:52 - 2016-05-11 07:52 - 13335403 _____ C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034.zip
2016-05-11 07:52 - 2016-05-11 07:52 - 13105628 _____ C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100037.zip
2016-05-11 07:51 - 2016-05-11 07:51 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2016-05-11 07:50 - 2016-05-11 07:50 - 00000000 ____D C:\Users\samuel\AppData\Roaming\WinRAR
2016-05-11 07:50 - 2016-05-11 07:50 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-11 07:50 - 2016-05-11 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-11 07:49 - 2016-05-11 07:50 - 00000000 ____D C:\Program Files\WinRAR
2016-05-11 07:49 - 2016-05-11 07:49 - 02090888 _____ C:\Users\samuel\Downloads\winrar-x64-531es.exe
2016-05-11 07:47 - 2016-05-11 07:47 - 05619485 _____ C:\Users\samuel\Downloads\Chipset_Intel_Win81_64_VER9401027.zip
2016-05-11 07:25 - 2016-04-22 01:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-05-11 07:24 - 2016-05-11 07:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-05-11 07:23 - 2016-05-16 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-05-11 07:23 - 2016-05-11 07:23 - 00000000 ____D C:\Users\samuel\AppData\Local\Comodo
2016-05-11 07:23 - 2016-05-11 07:23 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-05-11 07:19 - 2016-05-11 07:19 - 00049752 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\AntiLog64.sys
2016-05-11 07:19 - 2016-05-11 07:19 - 00000000 __HDC C:\ProgramData\{02A8F2F7-A05E-4DC5-950D-52243BB4C610}
2016-05-11 07:18 - 2016-05-11 07:19 - 00000000 ____D C:\Users\samuel\AppData\Local\Zemana
2016-05-11 07:18 - 2016-05-11 07:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
2016-05-11 07:18 - 2016-05-11 07:19 - 00000000 ____D C:\Program Files (x86)\AntiLogger
2016-05-11 07:18 - 2016-05-11 07:18 - 00000000 ____D C:\WINDOWS\SysWOW64\ZALSDK_uninst
2016-05-11 07:18 - 2016-05-11 07:18 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2016-05-11 07:18 - 2014-12-30 13:31 - 07039960 _____ (Zemana Ltd.) C:\WINDOWS\SysWOW64\ZALSDKCore.dll
2016-05-11 07:18 - 2014-12-30 13:31 - 00076520 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2016-05-11 07:17 - 2016-05-11 07:24 - 00000000 ____D C:\Users\samuel\AppData\Local\Mozilla
2016-05-11 07:17 - 2016-05-11 07:18 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Mozilla
2016-05-11 07:17 - 2016-05-11 07:17 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-11 07:17 - 2016-05-11 07:17 - 00001218 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-11 07:17 - 2016-05-11 07:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-11 07:17 - 2016-05-11 07:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-11 07:16 - 2016-05-11 07:17 - 14739888 _____ (Zemana Ltd. ) C:\Users\samuel\Downloads\Zemana_AntiLogger_1.9.3.602.exe
2016-05-11 07:15 - 2016-05-11 07:20 - 231936176 _____ (COMODO) C:\Users\samuel\Downloads\cispremium_installer_6100_08.exe
2016-05-11 07:15 - 2016-05-11 07:15 - 00242296 _____ C:\Users\samuel\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-11 07:14 - 2016-05-11 07:14 - 00000000 ____D C:\Users\samuel\AppData\Local\MicrosoftEdge
2016-05-11 07:13 - 2016-05-11 07:13 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-05-11 07:12 - 2016-05-11 07:12 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Intel
2016-05-11 07:12 - 2016-05-11 07:12 - 00000000 ____D C:\ProgramData\Intel
2016-05-11 07:12 - 2016-05-11 07:12 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-05-11 07:12 - 2016-05-11 07:12 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-05-11 07:11 - 2016-05-11 15:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-11 07:09 - 2016-05-11 07:09 - 00000000 ____D C:\Users\samuel\Desktop\Install
2016-05-11 07:05 - 2016-05-16 14:03 - 01483062 _____ C:\WINDOWS\ntbtlog.txt
2016-05-11 07:03 - 2016-05-11 07:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZTE Controlador USB del teléfono
2016-05-11 07:03 - 2016-05-11 07:03 - 00000000 ____D C:\Program Files\ZTE_Handset_USB_Driver
2016-05-11 07:03 - 2014-03-17 09:58 - 00133960 _____ (ZTE Corporation) C:\WINDOWS\system32\Drivers\zghsser.sys
2016-05-11 07:03 - 2013-09-11 14:26 - 00175808 _____ (ZTE Corporation) C:\WINDOWS\system32\Drivers\zghsnet.sys
2016-05-11 07:03 - 2013-03-19 16:38 - 00821544 _____ C:\WINDOWS\adb.exe
2016-05-11 07:03 - 2012-11-09 15:14 - 00062728 _____ (VIA Telecom) C:\WINDOWS\system32\Drivers\viahsser.sys
2016-05-11 07:03 - 2012-10-31 16:02 - 00032136 _____ (Via Telecom, Inc.) C:\WINDOWS\system32\Drivers\viahsets.sys
2016-05-11 07:03 - 2012-06-20 11:51 - 00020232 _____ (HandSet Incorporated) C:\WINDOWS\system32\Drivers\massfilter_hs.sys
2016-05-11 07:03 - 2011-10-26 15:31 - 00067608 _____ (Google, inc) C:\WINDOWS\AdbWinUsbApi.dll
2016-05-11 07:03 - 2011-08-15 16:43 - 00102936 _____ (Google, inc) C:\WINDOWS\AdbWinApi.dll
2016-05-11 07:02 - 2016-05-11 07:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-05-11 06:59 - 2016-05-11 07:00 - 00247102 _____ C:\TDSSKiller.3.1.0.9_11.05.2016_06.59.32_log.txt
2016-05-11 06:58 - 2016-05-12 15:21 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-11 06:56 - 2016-05-11 08:01 - 00000000 ____D C:\WINDOWS\pss
2016-05-11 06:55 - 2016-05-11 07:08 - 00002368 _____ C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-11 06:55 - 2016-05-11 06:55 - 00000000 ____D C:\Users\samuel\AppData\Local\ElevatedDiagnostics
2016-05-11 06:55 - 2016-05-11 06:55 - 00000000 ____D C:\Users\samuel\AppData\Local\ActiveSync
2016-05-11 06:54 - 2016-05-11 06:55 - 00000000 ____D C:\Users\samuel\AppData\Local\Comms
2016-05-11 02:45 - 2016-05-11 02:45 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-05-11 02:45 - 2016-05-11 01:11 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-11 02:44 - 2016-05-11 18:50 - 00000000 ____D C:\Windows.old
2016-05-11 02:44 - 2016-05-11 02:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-05-11 02:43 - 2016-05-11 02:43 - 00000000 ____D C:\Program Files\STMicroelectronics
2016-05-11 02:42 - 2016-05-11 02:42 - 00000000 ____D C:\ProgramData\SetupTPDriver
2016-05-11 02:41 - 2016-05-11 02:41 - 00000000 ____D C:\WINDOWS\Setup
2016-05-11 02:34 - 2016-05-11 02:34 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-05-11 02:34 - 2016-05-11 02:34 - 00000000 ____D C:\WINDOWS\OCR
2016-05-11 02:34 - 2016-05-11 02:34 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-05-11 02:34 - 2016-05-11 02:34 - 00000000 ____D C:\Program Files\MSBuild
2016-05-11 02:34 - 2016-05-11 02:34 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-05-11 02:34 - 2016-05-11 02:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-05-11 02:32 - 2016-05-16 14:41 - 00817872 _____ C:\WINDOWS\system32\perfh00A.dat
2016-05-11 02:32 - 2016-05-16 14:41 - 00158676 _____ C:\WINDOWS\system32\perfc00A.dat
2016-05-11 02:32 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\SysWOW64\es
2016-05-11 02:32 - 2016-05-11 02:31 - 00346516 _____ C:\WINDOWS\system32\perfi00A.dat
2016-05-11 02:32 - 2016-05-11 02:31 - 00043804 _____ C:\WINDOWS\system32\perfd00A.dat
2016-05-11 02:31 - 2016-05-11 02:31 - 00000000 ____D C:\WINDOWS\system32\es
2016-05-11 02:27 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-05-11 02:27 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-05-11 02:27 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-05-11 02:27 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-05-11 02:27 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-05-11 02:27 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-05-11 02:27 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-05-11 02:27 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-05-11 02:27 - 2016-05-11 02:27 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-05-11 02:27 - 2016-05-11 02:27 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-05-11 02:27 - 2016-05-11 02:27 - 00000000 ____D C:\WINDOWS\system32\0409
2016-05-11 02:27 - 2016-05-11 02:27 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-05-11 02:22 - 2016-05-11 18:38 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 02:22 - 2016-05-11 18:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 02:20 - 2016-05-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 02:20 - 2016-05-16 13:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-11 02:20 - 2016-05-12 15:39 - 00000000 ____D C:\WINDOWS\appcompat
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 02:20 - 2016-05-11 20:46 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-05-11 02:20 - 2016-05-11 20:45 - 00000000 __RSD C:\WINDOWS\Media
2016-05-11 02:20 - 2016-05-11 20:45 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-05-11 02:20 - 2016-05-11 20:45 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 02:20 - 2016-05-11 20:45 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-05-11 02:20 - 2016-05-11 20:45 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-05-11 02:20 - 2016-05-11 20:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 02:20 - 2016-05-11 20:45 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-05-11 02:20 - 2016-05-11 20:45 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-05-11 02:20 - 2016-05-11 20:44 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 02:20 - 2016-05-11 14:59 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-11 02:20 - 2016-05-11 06:55 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-11 02:20 - 2016-05-11 06:53 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-05-11 02:20 - 2016-05-11 02:44 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-05-11 02:20 - 2016-05-11 02:34 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-05-11 02:20 - 2016-05-11 02:34 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-05-11 02:20 - 2016-05-11 02:32 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-05-11 02:20 - 2016-05-11 02:32 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-05-11 02:20 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-05-11 02:20 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-05-11 02:20 - 2016-05-11 02:32 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ____D C:\WINDOWS\system32\Com
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ____D C:\WINDOWS\IME
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ____D C:\WINDOWS\Help
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ____D C:\Program Files\Windows Defender
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ____D C:\Program Files\Common Files\System
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-05-11 02:20 - 2016-05-11 02:31 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-05-11 02:20 - 2016-05-11 02:27 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-05-11 02:20 - 2016-05-11 02:27 - 00000000 ____D C:\WINDOWS\system32\setup
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\Web
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\Vss
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\tracing
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\TAPI
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SystemResources
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SystemApps
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\ras
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\IME
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\ias
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\System
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SKB
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\ShellNew
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\security
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\schemas
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\SchCache
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\Resources
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\Registration
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\PLA
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\Performance
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\InputMethod
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\Globalization
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\Cursors
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\Branding
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\addins
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\ProgramData\Comms
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\Program Files\Windows NT
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-05-11 02:20 - 2016-05-11 02:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-05-11 02:20 - 2016-05-11 02:17 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-05-11 02:20 - 2016-05-11 02:17 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-05-11 02:20 - 2016-05-11 02:17 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-05-11 02:20 - 2016-05-11 02:17 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-05-11 02:20 - 2016-05-11 02:17 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-05-11 02:20 - 2016-05-11 02:16 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-05-11 02:20 - 2016-05-11 02:16 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-05-11 02:20 - 2016-05-11 02:16 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-05-11 02:20 - 2016-05-11 02:16 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-05-11 02:20 - 2016-05-11 02:16 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-05-11 02:20 - 2016-05-11 02:16 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-05-11 02:20 - 2016-05-11 02:16 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-05-11 02:20 - 2016-05-11 02:16 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-05-11 02:20 - 2016-05-11 02:16 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-05-11 02:20 - 2016-05-11 02:16 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-05-11 02:20 - 2016-05-11 02:16 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-05-11 02:20 - 2016-05-11 02:15 - 00000219 _____ C:\WINDOWS\system.ini
2016-05-11 02:20 - 2016-05-11 02:15 - 00000092 _____ C:\WINDOWS\win.ini
2016-05-11 02:20 - 2016-05-11 01:17 - 00000000 ____D C:\WINDOWS\rescache
2016-05-11 02:20 - 2016-05-11 01:14 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-05-11 02:20 - 2016-05-11 01:14 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-05-11 02:20 - 2016-05-11 01:07 - 00000000 __RHD C:\Users\Public\Libraries
2016-05-11 02:20 - 2016-05-11 01:07 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-05-11 02:20 - 2016-05-11 01:06 - 00000000 ____D C:\WINDOWS\system32\spool
2016-05-11 02:20 - 2016-05-11 01:06 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-05-11 02:20 - 2016-05-11 01:02 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-05-11 02:20 - 2016-05-11 00:56 - 00000000 ____D C:\ProgramData\USOPrivate
2016-05-11 02:18 - 2016-05-16 14:41 - 00000000 ____D C:\WINDOWS\INF
2016-05-11 02:02 - 2016-05-11 19:13 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 01:49 - 2015-10-30 00:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2016-05-11 01:48 - 2016-05-16 14:06 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-05-11 01:48 - 2016-05-11 02:31 - 00000000 ____D C:\WINDOWS\servicing
2016-05-11 01:48 - 2016-05-11 02:20 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-05-11 01:48 - 2016-05-11 00:56 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-11 01:16 - 2016-05-11 01:16 - 00030632 _____ C:\Users\samuel\Desktop\Aplicaciones quitadas.html
2016-05-11 01:16 - 2016-05-11 01:16 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-05-11 01:15 - 2016-05-16 14:38 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-05-11 01:14 - 2016-05-11 01:14 - 00000000 ____D C:\Users\samuel\AppData\Local\Publishers
2016-05-11 01:13 - 2016-05-11 22:36 - 00000000 ____D C:\Users\samuel\AppData\Local\Packages
2016-05-11 01:13 - 2016-05-11 01:13 - 00000000 ____D C:\Users\samuel\AppData\Roaming\Adobe
2016-05-11 01:13 - 2016-05-11 01:13 - 00000000 ____D C:\Users\samuel\AppData\Local\VirtualStore
2016-05-11 01:13 - 2016-05-11 01:13 - 00000000 ____D C:\Users\samuel\AppData\Local\TileDataLayer
2016-05-11 01:12 - 2016-05-11 01:12 - 00000020 ___SH C:\Users\samuel\ntuser.ini
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\Default\My Documents
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\Default User
2016-05-11 01:11 - 2016-05-11 01:11 - 00000000 _SHDL C:\Users\All Users
2016-05-11 01:08 - 2016-05-16 14:41 - 02153000 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-11 01:05 - 2016-05-16 14:11 - 00000000 ____D C:\Users\samuel
2016-05-11 01:05 - 2016-05-11 01:05 - 00000000 _SHDL C:\Users\samuel\My Documents
2016-05-11 01:05 - 2016-05-11 01:05 - 00000000 _SHDL C:\Users\samuel\Documents\My Videos
2016-05-11 01:05 - 2016-05-11 01:05 - 00000000 _SHDL C:\Users\samuel\Documents\My Pictures
2016-05-11 01:05 - 2016-05-11 01:05 - 00000000 _SHDL C:\Users\samuel\Documents\My Music
2016-05-11 00:59 - 2016-05-11 00:59 - 00003628 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2016-05-11 00:58 - 2016-05-16 14:36 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-11 00:58 - 2016-05-11 14:45 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-05-11 00:58 - 2016-05-11 00:58 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-05-11 00:58 - 2015-07-18 00:58 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-05-11 00:58 - 2015-07-18 00:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-05-11 00:57 - 2016-05-11 07:12 - 00000000 ____D C:\Program Files\Intel
2016-05-11 00:56 - 2016-05-11 15:12 - 00000000 ____D C:\Program Files (x86)\Intel
2016-05-11 00:56 - 2016-05-11 00:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_INVN_MotionApps_01_11_00.Wdf
2016-05-11 00:56 - 2016-05-11 00:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2016-05-11 00:56 - 2016-05-11 00:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ST_Accel_01011.Wdf
2016-05-11 00:56 - 2016-05-11 00:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2016-05-11 00:56 - 2016-05-11 00:56 - 00000000 ____D C:\ProgramData\USOShared
2016-05-11 00:56 - 2016-05-11 00:56 - 00000000 ____D C:\Program Files\DIFX
2016-05-11 00:56 - 2015-01-09 10:25 - 00023216 _____ (ST Microelectronics) C:\WINDOWS\system32\Drivers\stdcfltn.sys
2016-05-11 00:54 - 2016-05-11 00:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf
2016-05-11 00:50 - 2015-10-30 01:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-05-11 00:47 - 2016-05-16 14:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-11 00:47 - 2016-05-11 20:51 - 00194168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-11 00:47 - 2016-05-11 00:47 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-05-10 23:09 - 2016-05-10 23:14 - 00285506 _____ C:\TDSSKiller.3.1.0.9_10.05.2016_23.09.38_log.txt
2016-05-10 23:03 - 2016-05-10 23:04 - 00280648 _____ C:\TDSSKiller.3.1.0.9_10.05.2016_23.03.03_log.txt
2016-05-10 22:23 - 2016-05-10 22:23 - 06700370 _____ C:\Users\samuel\Downloads\mbam-chameleon-3.1.30.0.zip
2016-05-10 22:23 - 2016-05-10 22:23 - 00968136 _____ (MalwareBytes) C:\Users\samuel\Desktop\firefox.com
2016-05-10 22:23 - 2016-03-10 14:06 - 00001258 _____ C:\Users\samuel\Desktop\master.conf
2016-05-09 18:05 - 2016-05-09 18:09 - 00287962 _____ C:\TDSSKiller.3.1.0.9_09.05.2016_18.05.58_log.txt
2016-05-09 18:00 - 2016-05-09 18:01 - 00279512 _____ C:\TDSSKiller.3.1.0.9_09.05.2016_18.00.24_log.txt
2016-05-09 17:57 - 2016-05-09 17:58 - 00281598 _____ C:\TDSSKiller.3.1.0.9_09.05.2016_17.57.04_log.txt
2016-05-08 14:58 - 2016-05-08 14:58 - 00000000 ____D C:\Users\samuel\AppData\LocalLow\Intel
2016-05-08 14:53 - 2016-05-08 14:53 - 00000000 ____D C:\Users\samuel\Intel.sav
2016-05-08 14:35 - 2016-05-08 14:35 - 00000000 ____D C:\Users\samuel\Intel
2016-05-08 13:56 - 2016-05-08 13:56 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-05-08 13:50 - 2016-05-08 13:54 - 149325816 _____ (Sophos Limited) C:\Users\samuel\Downloads\Sophos Virus Removal Tool.exe
2016-05-08 13:39 - 2016-05-09 17:57 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\samuel\Desktop\tdsskiller.exe
2016-05-07 20:42 - 2016-05-07 20:44 - 05198336 _____ (AVAST Software) C:\Users\samuel\Desktop\aswMBR.exe
2016-05-07 20:25 - 2016-05-07 20:29 - 00286904 _____ C:\TDSSKiller.3.1.0.9_07.05.2016_20.25.25_log.txt
2016-05-07 20:20 - 2016-05-07 20:21 - 00275512 _____ C:\TDSSKiller.3.1.0.9_07.05.2016_20.20.27_log.txt
2016-05-07 20:18 - 2016-05-12 15:20 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-05-07 20:17 - 2016-05-07 20:18 - 00279440 _____ C:\TDSSKiller.3.1.0.9_07.05.2016_20.17.13_log.txt
2016-05-07 20:10 - 2016-05-08 10:30 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\samuel\Desktop\rkill.exe
2016-05-07 15:45 - 2016-05-07 15:45 - 00000000 ____D C:\Users\samuel\Desktop\Nueva carpeta
2016-05-07 14:03 - 2016-05-07 14:03 - 00000000 ____D C:\Users\samuel\VirtualBox VMs
2016-05-07 14:02 - 2016-05-07 16:48 - 00000000 ____D C:\Users\samuel\.VirtualBox
2016-05-02 14:27 - 2016-05-02 14:28 - 02870984 _____ (ESET) C:\Users\samuel\Desktop\esetsmartinstaller_esn.exe
2016-04-24 09:35 - 2016-04-24 09:35 - 00001081 _____ C:\Users\samuel\Desktop\StataMP-64.exe.lnk
2016-04-24 00:15 - 2016-04-24 00:16 - 00000000 ____D C:\Users\samuel\Desktop\respaldo
2016-04-23 22:54 - 2016-04-24 09:35 - 00000000 ____D C:\Users\samuel\Desktop\Stata14
2016-04-16 16:45 - 2016-04-16 16:45 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-16 16:45 - 2016-04-16 16:45 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-16 16:45 - 2016-04-16 16:45 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-16 16:45 - 2016-04-16 16:45 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-16 16:45 - 2016-04-16 16:45 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-16 16:44 - 2016-04-16 16:44 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-16 16:44 - 2016-04-16 16:44 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-16 16:44 - 2016-04-16 16:44 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-16 16:44 - 2016-04-16 16:44 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-16 16:44 - 2016-04-16 16:44 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-16 16:44 - 2016-04-16 16:44 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-16 16:43 - 2016-04-16 16:43 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-16 16:43 - 2016-04-16 16:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-16 16:43 - 2016-04-16 16:43 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-16 16:43 - 2016-04-16 16:43 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-16 16:43 - 2016-04-16 16:43 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-16 16:43 - 2016-04-16 16:43 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-16 16:43 - 2016-04-16 16:43 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-16 16:43 - 2016-04-16 16:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-16 16:43 - 2016-04-16 16:43 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-16 16:43 - 2016-04-16 16:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 14:43 - 2015-11-14 15:35 - 00000000 ____D C:\FRST
2016-05-16 14:41 - 2016-01-30 06:35 - 00000000 ____D C:\Users\samuel\AppData\LocalLow\LastPass
2016-05-16 14:36 - 2015-07-29 19:42 - 00000000 __SHD C:\Users\samuel\IntelGraphicsProfiles
2016-05-11 20:55 - 2015-07-29 19:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 18:47 - 2015-07-29 12:34 - 00000000 ___HD C:\$SysReset
2016-05-11 15:28 - 2014-02-25 21:53 - 00035016 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_bus.sys
2016-05-11 15:23 - 2011-02-19 22:51 - 00057168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp100.dll
2016-05-11 14:45 - 2014-03-27 13:00 - 00017152 _____ (ASUSTek Computer Inc.) C:\WINDOWS\system32\Drivers\AiCharger.sys
2016-05-11 14:39 - 2015-07-29 19:30 - 00000000 ____D C:\Intel
2016-05-11 07:08 - 2015-07-29 19:45 - 00000000 ___RD C:\Users\samuel\OneDrive
2016-05-11 07:03 - 2015-11-01 09:59 - 00000000 ____D C:\Users\samuel\.android
2016-05-10 23:02 - 2016-04-01 18:42 - 00000000 ____D C:\Users\samuel\Desktop\mbar
2016-05-08 15:24 - 2015-11-25 19:05 - 00000000 ____D C:\Users\samuel\Desktop\Libros
2016-05-08 10:25 - 2016-04-03 16:29 - 00000000 ____D C:\EEK
2016-05-08 09:48 - 2016-03-05 10:55 - 00000000 ___RD C:\Users\samuel\OD
2016-04-23 18:54 - 2015-12-19 18:09 - 00000000 ____D C:\Users\samuel\.oracle_jre_usage
2016-04-23 10:23 - 2015-12-08 08:14 - 00000000 ____D C:\Users\samuel\Documents\Biblioteca de calibre
 
==================== Files in the root of some directories =======
 
2016-05-11 14:39 - 2016-05-16 14:40 - 0000431 _____ () C:\Users\samuel\AppData\Roaming\sp_data.sys
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-11 18:36
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by samuel (2016-05-16 14:45:01)
Running from C:\Users\samuel\Desktop
Windows 10 Home Version 1511 (X64) (2016-05-11 07:11:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3690298984-718693576-1200642337-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3690298984-718693576-1200642337-503 - Limited - Disabled)
Guest (S-1-5-21-3690298984-718693576-1200642337-501 - Limited - Disabled)
samuel (S-1-5-21-3690298984-718693576-1200642337-1001 - Administrator - Enabled) => C:\Users\samuel
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
AntiLogger (HKLM-x32\...\AntiLogger) (Version:  - Zemana Ltd.)
AntiLogger (x32 Version: 1.9.3.602 - Zemana Ltd.) Hidden
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.9 - ASUS)
ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.5 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Avast Premier (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Chromodo (HKLM-x32\...\Chromodo) (Version: 48.12.18.254 - Comodo)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.)
Kits Configuration Installer (x32 Version: 10.1.10586.212 - Microsoft) Hidden
Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mediatek Bluetooth (HKLM\...\{878D7C14-18BD-7A70-9292-C0B3CE374125}) (Version: 11.0.754.0 - Mediatek)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 es-MX)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.47.0 - Ralink)
Software Intel® PROSet/Wireless (HKLM-x32\...\{cc892976-0919-4ba9-ab52-ae15d2127a12}) (Version: 18.21.0 - Intel Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WPT Redistributables (x32 Version: 10.1.10586.212 - Microsoft) Hidden
WPTx64 (x32 Version: 10.1.10586.212 - Microsoft) Hidden
ZTE Controlador USB del teléfono (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B06 - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3690298984-718693576-1200642337-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0207AAC2-DC94-40E4-BD72-0A726FD57D76} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {28694DF1-C527-4B11-ADD1-7DCFFD22A665} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {54BD775C-351E-45B3-8FA1-EA5BC0739458} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-05-11] (ASUS)
Task: {589998D8-925E-41D9-805A-77ACB0F7F0F2} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-05-11] (ASUSTek Computer Inc.)
Task: {60EC10DD-00CF-4B1B-860F-66A4D7F19D3F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {6F411A59-828D-4058-8C47-BD1B553ADCFB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2016-05-11] (ASUSTek Computer Inc.)
Task: {90C537F0-8CF5-4631-8DB6-8EE860069561} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-16] (AVAST Software)
Task: {AA200DF4-5976-4932-AE04-DD60F1335E74} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C81BCC37-482B-4C38-B235-B8BFF35377A5} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-07-28] (AsusTek)
Task: {D3B4E765-7DF3-416F-B6A8-08E87FC6515D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-16 16:44 - 2016-04-16 16:44 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-11 07:08 - 2016-05-11 07:08 - 00959176 _____ () C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-05-11 22:01 - 2016-05-11 22:01 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-07-18 01:35 - 2015-07-29 11:12 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-19 12:24 - 2015-12-19 12:24 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 14:14 - 2016-05-11 14:14 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2016-05-11 15:23 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2016-05-16 14:01 - 2016-05-16 14:01 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-16 14:01 - 2016-05-16 14:01 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-16 14:10 - 2016-05-16 14:10 - 02906624 _____ () C:\Program Files\AVAST Software\Avast\defs\16051602\algo.dll
2016-05-16 14:01 - 2016-05-16 14:01 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-16 14:01 - 2016-05-16 14:01 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-11 22:01 - 2016-05-11 22:01 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-11 22:01 - 2016-05-11 22:01 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-11 07:08 - 2016-05-11 07:08 - 00679624 _____ () C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-05-16 14:01 - 2016-05-16 14:01 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ASGCoInstaller_x64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\athwbx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CallHistoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin95ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin95itp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\configurationclient.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDDS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\directmanipulation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenterprisediagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DptfParticipantDisplayService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DptfParticipantProcessorService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DptfPolicyCriticalService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DptfPolicyLpmService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwminit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hmkd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MessagingDataModel2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSFlacDecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MTF.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NotificationObjFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsNativeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usermgrcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VEEventDispatcher.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WiFiDisplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttpcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ztrace_maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AiCharger.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AsHIDSwitch64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AsusTP.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BrSerIf.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BrUsbSer.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btath_bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DptfDevDisplay.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dptf_cpu.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\esif_lf.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\filecrypt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hw_usbdev.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaLPSS_GPIO.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaLPSS_I2C.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaLPSS_SPI.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaLPSS_UART2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\necbatt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdstor.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\serial.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET88FC.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudserd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ST_Accel.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UcmCx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ufx01000.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ufxsynopsys.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Public\Desktop\avast_premier_antivirus_setup_online.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Public\Desktop\avast_premier_antivirus_setup_online.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Desktop\aswMBR.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Desktop\aswMBR.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Desktop\avast_premier_antivirus_setup_online.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Desktop\avast_premier_antivirus_setup_online.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Desktop\esetsmartinstaller_esn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Desktop\esetsmartinstaller_esn.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Desktop\firefox.com:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Desktop\firefox.com:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Desktop\rkill.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Desktop\rkill.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Desktop\tdsskiller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Desktop\tdsskiller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\ASUS_FlipLock_Win81_64_VER105.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\ASUS_FlipLock_Win81_64_VER105.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034(1).zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034(1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100037.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100037.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\BackTracker_Win81_64_VER309.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\BackTracker_Win81_64_VER309.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\Bluetooth_Intel_Win81_64_VER3113110402.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\Bluetooth_Intel_Win81_64_VER3113110402.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\Bluetooth_QualcommAtheros_Win81_64_VER801318.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\Bluetooth_QualcommAtheros_Win81_64_VER801318.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\Buletooth_Intel_Win81_64_VER17014050464.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\Buletooth_Intel_Win81_64_VER17014050464.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\CardReader_Alcor_Win81_64_VER2041011743857.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\CardReader_Alcor_Win81_64_VER2041011743857.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\Chipset_Intel_Win81_64_VER9401027.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\DPTF_Intel_Win81_64_VER7102105.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\DPTF_Intel_Win81_64_VER7102105.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER8490116.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER8490116.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER849014.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER849014.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\HDDProtection_Win81_64_VER4070057.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\HDDProtection_Win81_64_VER4070057.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\KBFilter_Win81_64_VER1005.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\KBFilter_Win81_64_VER1005.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\mbam-chameleon-3.1.30.0.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\mbam-chameleon-3.1.30.0.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\sdksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\sdksetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\SerialIO_Intel_Win81_64_VER111650.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\SerialIO_Intel_Win81_64_VER111650.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\SmartGesture_Win81_64_VER2219.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\SmartGesture_Win81_64_VER2219.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\Sophos Virus Removal Tool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\Splendid_Win81_64_VER3010003.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\Splendid_Win81_64_VER3010003.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\USBChargerPlus_Win81_64_VER319.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\USBChargerPlus_Win81_64_VER319.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\VGA_Intel_Broadwell_Win81_64_VER1018144112.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\VGA_Intel_Broadwell_Win81_64_VER1018144112.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\VGA_Intel_MSHybrid_Win81_64_VER101810349601.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\samuel\Downloads\VGA_Intel_MSHybrid_Win81_64_VER101810349601.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\VGA_nVidia_Win81_64_VER918133311.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\VGA_nVidia_Win81_64_VER918133311.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\WiFi_Intel_Win81_64_VER17015.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\WiFi_Intel_Win81_64_VER17015.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\winrar-x64-531es.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\samuel\Downloads\winrar-x64-531es.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\samuel\Downloads\WLAN_QualcommAtheros_Win81_64_VER1000287.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\WLAN_QualcommAtheros_Win81_64_VER1000287.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\samuel\Downloads\WLAN_Ralink_Win81_64_VER50470.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\samuel\Downloads\WLAN_Ralink_Win81_64_VER50470.zip:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84450515.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84450515.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-05-11 02:20 - 2016-05-11 02:16 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3690298984-718693576-1200642337-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{81AD1292-6AED-455E-8A01-BD28CB6ACF7A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DDF4E3C6-AD72-44EB-9396-220E1985B7E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{44B70912-DCDF-47AD-BFBA-8670DA5E1DAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
11-05-2016 07:10:38 Software Intel® PROSet/Wireless
16-05-2016 13:52:02 Removed COMODO Internet Security Premium
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2016 02:41:55 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain:  CreateSharedMemory() failed.
Session ID = 1
 
Error: (05/16/2016 02:41:55 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 1
 
Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
GetDisplayBrightnessFromPowerSettings:  Could not inform driver of current brightness value.
 
Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
SetBrightnessSettingInDriver:  p_handle is NULL.
 
Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPService
ServiceMain:  ServiceStart() failed.
 
Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
SetDisplayBrightnessViaPowerSettings:  Could not obtain brightness value to set from driver.
 
Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyLpmService
CreateApplicationList:  dptfFrameworkHandle is NULL.
 
Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyCriticalService
ServiceMain:  ServiceStart() failed.
 
Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPService
ServiceStart:  ConnectToDptfFrameworkDriver() failed.
 
Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfProcessorParticipantService
ServiceMain:  ServiceStart() failed.
 
 
System errors:
=============
Error: (05/16/2016 02:35:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMService no pudo iniciarse debido al siguiente error: 
%%1053
 
Error: (05/16/2016 02:35:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio MBAMService.
 
Error: (05/16/2016 02:34:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 2:06:39 PM del ‎5/‎16/‎2016 resultó inesperado.
 
Error: (05/16/2016 02:05:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio User Data Access_4319a terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Restart the service.
 
Error: (05/16/2016 02:05:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio User Data Storage_4319a terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Restart the service.
 
Error: (05/16/2016 02:05:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Contact Data_4319a terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Restart the service.
 
Error: (05/16/2016 02:05:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Sync Host_4319a terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Restart the service.
 
Error: (05/16/2016 02:05:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/16/2016 01:55:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Sync Host_57b1f.
 
Error: (05/16/2016 01:55:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio User Data Storage_57b1f.
 
 
CodeIntegrity:
===================================
  Date: 2016-05-16 13:55:32.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-16 13:51:34.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-16 13:35:12.412
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-12 15:51:19.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-12 15:32:27.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-12 15:26:52.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-12 15:15:25.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-12 00:09:40.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-11 22:59:06.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-11 22:47:20.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 30%
Total physical RAM: 5835.43 MB
Available physical RAM: 4053.94 MB
Total Virtual: 7499.43 MB
Available Virtual: 5773.52 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:276.59 GB) (Free:185.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B4FA98D2)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#2
Essexboy

Hi there, first things first, you do not have a rootkit... 
 
When you try to start Avast, what error do you get?

Also, you have several Comodo tasks starting, which may cause the freezes.


CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2304184 2016-03-30] (Comodo)
2016-05-16 13:55 - 2016-05-16 13:55 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2016-05-11 15:22 - 2016-05-11 15:22 - 00000000 ____D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2016-05-11 07:24 - 2016-05-11 07:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-05-11 07:23 - 2016-05-16 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-05-11 07:23 - 2016-05-11 07:23 - 00000000 ____D C:\Users\samuel\AppData\Local\Comodo
2016-05-11 07:23 - 2016-05-11 07:23 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-05-11 07:19 - 2016-05-11 07:19 - 00000000 __HDC C:\ProgramData\{02A8F2F7-A05E-4DC5-950D-52243BB4C610}
Task: {0207AAC2-DC94-40E4-BD72-0A726FD57D76} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {28694DF1-C527-4B11-ADD1-7DCFFD22A665} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {60EC10DD-00CF-4B1B-860F-66A4D7F19D3F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {AA200DF4-5976-4932-AE04-DD60F1335E74} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {D3B4E765-7DF3-416F-B6A8-08E87FC6515D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#3
samidelcueva


When I tried to open Avast with admin rights it freezes, but after the fix, it's now working normally, and the computer in general is working excellently.

Only the startup is very slow, after putting in the password.

 

THANKS!!


#4
Essexboy

OK, as you have an upgrade to Windows 10 the slowdown is apparently a normal effect. That can be cured, however :)

Download the SDK web installer from here
Run the installer and select the following:

Leave the location to default

Windows Performance Toolkit

You must reboot on completion of the install

After reboot set aside about 30 minutes when you will not need the computer

To turn UAC off

1. Open User Account Control Settings by clicking the Start button, and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
2. Do the following: To turn off UAC, move the slider to the Never notify position, and then click OK.


When ready, start an elevated command prompt:

Go Start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator

Then copy and paste the following command into the black box:

xbootmgr -trace boot -prepSystem -verboseReadyBoot


Now your PC will be restarted 6 times, with a two-minute pause before the tool runs after the desktop loads.
After the second reboot the MS defragmentation program runs and places the files into an optimized layout, so that Windows will boot up faster.
The last reboots are training of ReadyBoot. After the training is finished, you'll notice a huge improvement in startup.

To turn UAC on

1. Open User Account Control Settings by clicking the Start button, and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
2. Do the following: To turn on UAC, move the slider to the notify me (default) position, and then click OK.
  • 0
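
A check that can be run after the "To turn UAC on" step above: it parses the UAC policy line from the Addition.txt in post #1 and compares the live registry values with it. This is an added example, not part of the original posts; the function names are hypothetical, and it assumes it is run in PowerShell on the same machine.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Baseline line copied verbatim from the "Other Areas" section of the
# Addition.txt posted in this thread.
$FrstLine = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)'

function ConvertFrom-FrstPolicyLine {
    # Split "<registry key> => (Name: N) (Name: N) ..." into key and values.
    param([Parameter(Mandatory)][string]$Line)
    $key, $rest = $Line -split ' => ', 2
    if (-not $rest) { throw "Not an FRST policy line: $Line" }
    $values = [ordered]@{}
    foreach ($m in [regex]::Matches($rest, '\((\w+): (\d+)\)')) {
        $values[$m.Groups[1].Value] = [int]$m.Groups[2].Value
    }
    if ($values.Count -eq 0) { throw "No (Name: value) pairs in: $Line" }
    [pscustomobject]@{
        # FRST writes "HKLM\..."; the registry provider wants "HKLM:\..."
        Path   = $key -replace '^HKLM\\', 'HKLM:\'
        Values = $values
    }
}

function Compare-UacToBaseline {
    # Read the live values and report each one against the logged baseline.
    param([Parameter(Mandatory)][string]$Line)
    $baseline = ConvertFrom-FrstPolicyLine -Line $Line
    $live = Get-ItemProperty -Path $baseline.Path
    foreach ($name in $baseline.Values.Keys) {
        $actual = $live.$name   # $null when the value is absent
        [pscustomobject]@{
            Name     = $name
            Baseline = $baseline.Values[$name]
            Current  = $actual
            Match    = ($actual -eq $baseline.Values[$name])
        }
    }
}

$report = @(Compare-UacToBaseline -Line $FrstLine)
$report | Format-Table -AutoSize
if ($report.Match -contains $false) {
    Write-Warning 'UAC policy differs from the logged baseline; UAC was not restored to its earlier setting.'
    exit 1
}
```

A mismatch after the boot-trace procedure means the slider was left below the setting the machine had when the log was taken.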

#5
samidelcueva


Now it's ready, thanks! One last question: how do I totally delete an antivirus when I have uninstalled it?


#6
Essexboy

Which antivirus? As most of them have a specific removal tool.

 

Startup OK?


#7
samidelcueva

Yep, startup is okay, only the "start up" of the programs is somewhat slow, and I was talking in general about any antivirus, thanks.


#8
Essexboy

OK, first uninstall via Control Panel, then use the remover from this list: http://www.bitdefend...tware-1107.html

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#9
Essexboy


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

