I think I have a virus.

Slow system Virus Stressed Help me please

#16
Supermatt01

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Supermatt (10-05-2018 13:36:05)
Running from C:\Users\Supermatt\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-08 13:51:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3797239318-1157007529-570800937-500 - Administrator - Disabled) => C:\Users\Administrator.Supermatt-PC
Guest (S-1-5-21-3797239318-1157007529-570800937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3797239318-1157007529-570800937-1002 - Limited - Enabled)
Supermatt (S-1-5-21-3797239318-1157007529-570800937-1000 - Administrator - Enabled) => C:\Users\Supermatt
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.3.0.33 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Alive Video Converter (version 3.1.8.6) (HKLM-x32\...\Alive Video Converter_is1) (Version:  - AliveMedia, Inc.)
Android Commander version 0.7.9.11 (HKLM-x32\...\Android Commander_is1) (Version: 0.7.9.11 - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anime Studio Pro 10.1.1 (HKLM\...\ASP1011_is1) (Version: 10.1.1 - Smith Micro Software, Inc.)
Anime Studio Pro 11.0 (HKLM\...\ASP1100_is1) (Version: 11.0 - Smith Micro Software, Inc.)
AOMEI Partition Assistant Unlimited Edition 6.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version:  - AOMEI Technology Co., Ltd.)
APK Studio (HKLM-x32\...\APK Studio d49d3de) (Version: d49d3de - Vaibhav Pandey)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk Maya LT 2015 (HKLM\...\{2FB97E5C-14A5-47C8-BD85-69CC70471291}) (Version: 15.10.373.0 - Autodesk) Hidden
Autodesk Maya LT 2015 (HKLM\...\Autodesk Maya LT 2015) (Version: 15.10.373.0 - Autodesk)
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.1.115 - Avid Technology, Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
calibre (HKLM-x32\...\{7F1AA7AB-E4FB-46F7-AC2F-57D78D63A368}) (Version: 3.19.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{7159D1E5-62F5-42C9-825E-BE613B5DFB0F}) (Version: 2.38.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.00 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
Classware (HKLM-x32\...\{5F945DFC-3BD1-74F7-5090-8885D0F4B1C5}) (Version: 1.2.3 - Cambridge University Press Holdings Limited) Hidden
Classware (HKLM-x32\...\Classware.D18242EEED0228FFB0408CDB0EFA905F46FFD844.1) (Version: v1.2.3.7574 - Cambridge University Press Holdings Limited)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
COMODO Internet Security Premium (HKLM\...\{4F6FC44D-AE9F-472B-8F00-B8388BC9AA04}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.4.2 - Foolish IT LLC)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1905.56 - CyberLink Corp.)
DFX (HKLM-x32\...\DFX) (Version: 12.014.0.0 - Power Technology)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TX121 Series Printer Uninstall (HKLM\...\EPSON TX121 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{4A0259D2-7278-4B23-B594-60B4124015A6}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{B9FDCE73-DC39-4671-8F2E-2CA5ACB924B0}) (Version: 10.02.0000 - Rick Meyers)
ExamView Assessment Suite (HKLM-x32\...\{C59DE8FB-B81E-4386-B719-A8C95C16544B}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Beginner) (HKLM-x32\...\{eebe1d9a-486c-40e7-ae07-1892b3b2b7b4}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Elementary) (HKLM-x32\...\{ecb8a57a-21dc-4667-95f5-e2eff83733df}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Pre-intermediate) (HKLM-x32\...\{78d3c66f-5c7d-4da7-96eb-4e405a5406f2}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NGL Our World Assess Level 1-3) (HKLM-x32\...\{8da61a8f-877e-443d-b448-3d1e60118184}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NGL Our World Assess Level 4-6) (HKLM-x32\...\{4431b83a-1e23-458e-9f6c-a1d8270b6694}) (Version: 8.1.107.70421 - eInstruction)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
GameMaker Studio 2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\GameMakerStudio2) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hippo Animator 3.8 (HKLM\...\Hippo Animator 3) (Version: 3.8.5316.24610 - Hippo Studios)
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
IL Autogun (HKLM-x32\...\IL Autogun) (Version:  - Image-Line)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Graphics Performance Analyzers 2013 R3 (HKLM\...\{B48DBBEE-2CCB-492E-2571-78ECE93329CB}) (Version: 13.3.0.207307 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.5 - PACE Anti-Piracy, Inc.)
Kernel for VHD ver 12.06.01 (HKLM-x32\...\Kernel for VHD_is1) (Version:  - Lepide Software Pvt.Ltd)
LenovoTool 1.2.2_os (HKLM-x32\...\LenovoTool) (Version: 1.2.2_os - Lenovo)
LenovoUsbDriver 1.0.12 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo)
LifeBeg (HKLM-x32\...\{BC41E108-ACA5-25E9-039A-09085C1A15F0}) (Version: 1.0 - UNKNOWN) Hidden
LifeBeg (HKLM-x32\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeElem (HKLM-x32\...\{926447E2-8B00-F3D3-FA7A-73DE25CE5CF9}) (Version: 1.0 - UNKNOWN) Hidden
LifeElem (HKLM-x32\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifePreInt (HKLM-x32\...\{76B7A5CD-3757-D3A7-7321-86677926B755}) (Version: 1.0 - UNKNOWN) Hidden
LifePreInt (HKLM-x32\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Independence Libraries Common Files (HKLM\...\{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Libraries Common Files (HKLM-x32\...\MAGIX_{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro 3.1 VST-Plugins (HKLM\...\{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 VST-Plugins (HKLM-x32\...\MAGIX_{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro Software Suite 3.1 (HKLM\...\{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.1 (HKLM-x32\...\MAGIX_{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG)
MAGIX Music Maker 2014 Premium (HKLM\...\{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM\...\{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM-x32\...\MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM\...\{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM-x32\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Visuals) (HKLM\...\{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Visuals) (HKLM-x32\...\MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium Soundpools (HKLM\...\{095A41CD-2500-4783-AE28-87E05653CDE7}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Soundpools (HKLM\...\{6F1F7E62-A579-434C-9610-F6FE2930C02E}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro)
Math Resource Studio 5 (HKLM-x32\...\{946E9741-5FAE-4011-9019-BC1FAF3FE99D}) (Version: 5.0.14.1 - Schoolhouse Technologies)
MCreator 1.7.7 (HKLM-x32\...\MCreator 1.7.7 Installer) (Version:  - Pylo)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Toolkit 2.4.0.0 (HKLM-x32\...\Microsoft Toolkit 2.4.0.0) (Version: 2.4.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
Our World 1 AE 2.0 (HKLM-x32\...\Our World 1 AE 2.0) (Version: 1.0.0.0 - )
Our World 2 AE 2.0 (HKLM-x32\...\Our World 2 AE 2.0) (Version: 1.0.0.0 - )
Our World 4 AE 2.0 (HKLM-x32\...\Our World 4 AE 2.0) (Version: 1.0.0.0 - )
Our World 6 AE 2.0 (HKLM-x32\...\Our World 6 AE 2.0) (Version: 1.0.0.0 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Puran Utilities 3.1 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.25 - QUALCOMM Incorporated)
RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Schoolhouse Test 4 (HKLM-x32\...\{F5C9D54B-C338-4EF1-89D4-94F369CFC061}) (Version: 4.0.3.3 - Schoolhouse Technologies)
Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.2.0.89 - Avid Technology)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Singing Coach 5 Pro (HKLM-x32\...\Singing Coach 5 Pro) (Version: 5.0.5.0 - Electronic Learning Products, Inc. )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Speech Support (HKLM-x32\...\Speech Support) (Version:  - LEC)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SuperBeam (HKLM\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 7 - LiveQoS Inc)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.14.0 - Synaptics Incorporated)
Telegram Desktop version 1.0.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.2 - Telegram Messenger LLP)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Turbo Studio 17 (HKLM-x32\...\{80bc26f1-601d-4766-b205-404db5168343}) (Version: 17.0.1.0 - Code Systems)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.3 - CrystalIDEA Software, Inc.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.01 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vita 2 (HKLM\...\{84CB6E60-E7CB-429F-AF9A-44F035889123}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 add-on content (HKLM\...\{77C4AF18-19ED-489E-84D3-203E3862F6BC}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (HKLM\...\{5D8D5B24-732C-4AA6-ABFE-9EAFF12064A4}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (HKLM\...\{C1109FC5-35DA-403C-AE1D-99295EDB6FA9}) (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (HKLM\...\{7A22C523-501D-4FD2-B9AD-BBEE8AFAED44}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Pop Brass (HKLM\...\{3CAD92B3-6BA0-44A4-A546-162520A80BB3}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (HKLM\...\{96826F72-1E29-4AB8-9312-84E664DCE474}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (HKLM\...\{4F6B2EA9-4598-4653-B13A-E27AA387DC9B}) (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vocabulary Worksheet Factory 5 (HKLM-x32\...\{DCC3A680-485D-4C55-AEDE-A87483B99E54}) (Version: 5.0.20.4 - Schoolhouse Technologies)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WhatsApp (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WhatsApp) (Version: 0.2.8000 - WhatsApp)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Data Recovery(Build 5.0.3.13) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 5.0.3.13 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.8.20150402 - Xilisoft)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] ()
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-16] (RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-01-10] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02170602-07F0-446E-8EF6-4FCF2D7FCE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0FE1F78F-1F58-4105-9BDE-B3C6ED7DD4B2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {35541BD8-08B8-456E-977E-5ABF73EA6E11} - System32\Tasks\Intel® GPA Monitor 13.3 => C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe [2015-09-14] (Intel Corporation)
Task: {3704F14D-700A-4BAE-A91E-66B9EA645E52} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {3AE3FB84-1465-4EBA-B033-D42FECA4FA61} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3BD3C4D8-5152-4ABB-ACB9-F60AE7A8216E} - System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {47B38BDB-0F7A-4FDB-9956-602A9CCBD69D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {4F68631E-92EC-4599-8299-E5B773FEE018} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {582212B9-A012-48FD-915E-975D0E0ED486} - System32\Tasks\{276A30E3-DC17-4817-B9CF-7C12127C6DE2} => C:\Windows\system32\pcalua.exe -a C:\Users\Supermatt\Desktop\MiFlashUnlock_1.1.0317.1_en\MiUsbDriver.exe
Task: {58526FD5-F666-4078-B306-47B0D26CB9AA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {59BB5577-DD6F-4D2D-A725-2A3A440C2A0F} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {5C1D53F2-A431-4D09-9788-5288219B42B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7D57EBF5-3183-4D3C-B0D2-EE0509E50F84} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-03-14] (COMODO)
Task: {8F4CF6A0-B45B-4E52-9009-C505F9D7A091} - System32\Tasks\COMODO CertSentry Updater => C:\Windows\system32\certsentry.exe [2015-04-17] (COMODO CA Limited)
Task: {906A2DDB-F2B5-443F-A1FF-80906798196F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-03-14] (COMODO)
Task: {9EA43A95-A8CD-4975-B11A-748D6AC8948D} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2017-09-16] (RealNetworks, Inc.)
Task: {A9EE4656-CBCB-40A3-AD82-BD7D16B21D4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {AC6746AC-3DDB-4151-A4FD-E07E2AE93159} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {AFDA95AA-E786-438B-994E-9AF9C9915827} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B0C50936-9A0B-408D-95D3-92E39A4583F2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {B24A5D00-4852-4973-BF13-57FE01076CA3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-23] (Adobe Systems Incorporated)
Task: {E620F070-9DCA-4003-9542-72629F7DB336} - System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {F253961A-27C4-473E-BCE3-AC65C4E55B84} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2015-01-29] (Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Supermatt\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-29 05:56 - 2018-03-14 00:17 - 000244416 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-08-29 05:56 - 2018-03-14 00:17 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 008866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-18 05:42 - 2016-05-18 05:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2009-09-21 15:04 - 2009-09-21 15:04 - 001501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-02-28 09:21 - 2015-12-25 15:28 - 001328632 _____ () C:\Program Files (x86)\DFX\DFX.exe
2010-06-25 09:08 - 2010-06-25 09:08 - 000173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-02-28 09:14 - 2015-12-25 15:28 - 000133624 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2015-02-28 09:18 - 2015-12-25 15:28 - 000134648 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2015-02-28 09:48 - 2015-12-25 15:28 - 000051192 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2016-01-07 21:56 - 2016-01-07 21:56 - 000012288 _____ () C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
2015-08-12 16:15 - 2015-08-12 16:15 - 007803392 _____ () c:\program files\avid\application manager\jre\bin\server\jvm.dll
2018-05-10 13:05 - 2018-05-10 13:05 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext3909189987930403250.dll
2016-06-30 01:01 - 2016-06-30 01:01 - 008166536 _____ () C:\Program Files (x86)\SpeedFan\speedfan.exe
2017-07-20 16:03 - 2017-09-07 15:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2018-05-03 17:23 - 2018-04-26 10:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-05-03 17:23 - 2018-04-26 10:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2014-09-13 22:46 - 2014-09-04 10:41 - 000047496 ____N () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-13 22:46 - 2014-09-04 10:41 - 000104328 ____N () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-02-28 09:43 - 2015-12-25 15:28 - 000052216 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2018-05-10 13:01 - 2018-05-10 13:01 - 000158720 _____ () C:\Users\Supermatt\AppData\Local\Temp\sfareca00001.dll
2018-05-10 12:54 - 2018-05-10 13:01 - 000192512 _____ () C:\Users\Supermatt\AppData\Local\Temp\sfamcc00001.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 008866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\autoexec.bat:$CmdTcID [64]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\IsUninst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\BcmBtRSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bdsandboxuh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdsandboxuiskin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\btwdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280C.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280I.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280L.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280O.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNMIUAA.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNMLMAA.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\E_IBCBGGI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gfxSrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GfxUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hccutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hkcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ig4icd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igd10umd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igdumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcmjit64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxCoIn_v2993.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IGFXDEVLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxexps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxpers.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxpph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrara.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrchs.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrcht.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrcsy.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrdan.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrdeu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrell.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrenu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxresn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxress.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrfin.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrfra.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrheb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrhrv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrhun.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrita.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrjpn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrkor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrnld.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrnor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrplk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrptb.lrc:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\igfxrptg.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrrom.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrrus.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrsky.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrslv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrsve.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrtha.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrtrk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxsrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxTMM.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\igfxtray.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IntcDAuC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioVnN64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTKSMlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTKSMSettingsIPC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SupportTool.exe.bat:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynCtrl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SynGlwPadShlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynTPAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynTPCo8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNC280L.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNC280U.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ig4icd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igd10umd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igdumd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igdumdx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmjit32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxdv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxexps32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MaxxAudioAPOShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft Toolkit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\subinacl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynTPCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynTPEnhPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ViewPDF01.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vorbis.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wPDFView01.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\androidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\aswTap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bcbtums.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwaudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwl2cap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwrchid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\CisUtMonitor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cmnxusbser.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cnnctfy3.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfx11_1x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfx12x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorF.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IntcDAud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IntelHaxm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\k57nd60a.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\kbfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\leusbser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndiskhaz.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\SynTP.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tapSF0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmactmon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TMEBC64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmeevw.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmevtmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmnciesc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmusa.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TosBtCi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosporte.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfcom.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Tosrfhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfnds.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TosRfSnd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TurboB.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSB.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wcmvcam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cis28B.exe:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cis6DFC.exe:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [169]
AlternateDataStreams: C:\Users\Supermatt\Desktop\vhdfull.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Desktop\vhdfull.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1-100 pic.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1-75.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1.  Chairein.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1. DEO (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1. DEO.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\10. MICHAEL.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\12. BILLY.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\13. SAMANTHA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. HENOKH.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. Michelle - English.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. Michelle.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2013macros (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2013macros (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160105.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160113.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2337_the_simple_past_tense.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\3. ALFEUS.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\31785_whats_the_weather_like.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\32186_jobs__occupations.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\3650559416010026653.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\4. VICTORIA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\43_____Macmillan_English_Grammar_in_Context__gnv__..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\461785816034XXXX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\4745_the_present_perfect_tense.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\488939-images-of-soccer-field.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\5. SHALOM.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\6 Kung Fu Secrets for Flexibility & Higher Kicks.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\6. CECILIA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\67Grammar_Games_For_Children______..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\7. JASON'S.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\7010296916010026635.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\8. NATHAN.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\8m05bb36g04.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. SEBASTIAN (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. SEBASTIAN.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. THIERY.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\AC07911_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\AC07911_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\adjectives.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\All MTK USB Driver 2014.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Analytic-Rubric-Template.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ANSWER SHEET GRADE 4-6 TEST 1 SEMESTER 2 2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\A_Better_Camera_Unlocked_v3.31.TROJAN.ONHAX.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bible 2.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bible.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Blood Moon Rise.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bluetooth_Broadcom_6.3.0.6000_W7x64_A.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\book on a desk.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy and girl talking.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy in a musem.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy soldier.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\boy-girl- Hello.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\brickman.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\C._K.Chu_-_The_Book_of_Nei_Kung_1st_ed.pdf.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\calibre-64bit-2.38.0.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cameyo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cameyo.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\can-you-tell-me-the-way.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CAT B GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cat in a box.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160118_0055794802.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160418_0060467347.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ccsetup512_slim.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ccsetup512_slim.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ChromeSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cn+v5-8gb.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\coherence-cohesion.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\com.nuance.swype.trial_2.1.0.2010030.41841-2010030_minAPI14(armeabi)(nodpi).apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Connect2Portal.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Connect2Portal.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cows can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Crazy katy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CryptoPreventSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CryptoPreventSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cu31924031764594.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\D467_Storytelling_handbook_FINAL_web.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DCUO_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DCUO_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\demonstrative-pronouns.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DOSBox-0.74-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DOSBox-0.74-install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DriverBackupAxioo9G.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\drove a car.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Dungeon Master II - The Legend of Skullkeep.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\dungeon-master-2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2-w-instructions.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EC FINALTEST MAY 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\english-pronouns.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\English_Grammar_in_Use_rd_Edition_CD___Demonoid.com___..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EQ_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EQ_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20093122229851430194.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2009521133639530074079.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20096719959341029384.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201021914855766628530.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201022401613547116161.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201098125924964636505.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2011629165151324736806.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201421402831610.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2016122233302070.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_04192016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EXE.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EX_Kernel_Manager_2.55.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part1.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part2.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\F8CB.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Family Sturcture.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FBFBBBAD0DD7E14D41B8610E16DD97E18AFDD350.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FE Advanced - the MoonX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ffmpeg-win-2.2.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ffmpeg-win-2.2.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Fire Resque.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FL_SM_v2.0.1[Androidiha.com].apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fragment.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FRX07.1_Full_Bundle_20110901.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Fundamentals_of_English_Grammar-Teacher_s_Guide_0130136344.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fvp_setup_2.0.1.163fi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fvp_setup_2.0.1.163fi.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GBX0A_Full_Bundle_11.3.2011.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Girl and Boy talking.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Globe1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 5- 6 SPELLBEE 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\guitar-sale-poster.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\hard work.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to go to the dentist.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to take out the trash.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Hobbies.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Holistic-Rubric-Template.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\HostsMan_4.6.103_installer.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\House burn.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Hubble space from NASA.Gov.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\HxDSetupEN.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDM Integration Extention.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDM.6.25.Build.12-Maherz.softarchive.net.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman.6.26.2f.softarchive.la.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman625build12.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman625build12.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDMGCExt.crx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh_Adonai_(Hebrew)_Elisheva_Shomron_(w_lyrics).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kernel.VHD.12.06.01.softarchive.net.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\kernel_injector.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lame_v3.99.3_for_Windows.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lame_v3.99.3_for_Windows.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lazy guy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lenovo-P780-ReParted-0.2.2-ID-EN-Aroma.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\listening test 1 semester 2 grade 7 - 9  2016 - 2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\little-girl-in-museum.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\making-words-negative-verbs.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\man-falling-down-stairs1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\manual.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\map_places-in-town.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MediaCreationTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MEGA-RECOVERYKEY.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Men can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\meteos-mtk6589-rom-edit-8gb-en.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MicrosoftFixit50641.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiFlashUnlock_1.1.0317.1_en.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mintywhite-1003-fonts-megapack.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiPhone20151028.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiPhone20151028.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Mounts2SD-3.4.8-unlocked.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MSTK.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MT65xx-Port-Lewa.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MTK6589_Partition_4GB_8GB_16GB.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mysteries.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\never drove a car.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\never rode a horse.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\NewGoogleInstaller2.0MS.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\NewKingrootV4.82_C138_B250_en_release_2016_03_09_105203.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\numbers.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Old man boarding.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\P780ROW_8Gb_ReParted_Data_no_int_sd_no_backup.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Paramedic help.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\paraphrasing plant cycle-6.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\parts-of-a-plant.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Patch_V6-2015-07-01.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PATRICIA1812_503535968.CSV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\People can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\plant-vocabulary-worksheet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment 2.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\produkey-x64.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Puppy for sale.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\puppy under a tree.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Pure_Graphic_HD_Tweak.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Reflex_Bow-Pleasure_Paradox-GApps-ODEX-saga.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rem-VBSworm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rem-VBSworm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\REMA-TIP-TOP-SC2000-Cement-Bonding-Procedures-Rev4.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Remix_OS_for_PC_Android_M_64bit_B2016112101.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rode a horse.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\row+v5-8gb.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\RUGOS_0.TTF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rules.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Samuel.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Santo (Kadosh) .mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\scaryman.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ScatterEditor_v1.06.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Scatter_files_4GB_and_8GB.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Seeder-2.0.0.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1040.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1106.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SHAREitLENOVOSUPPORT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SHAREitLENOVOSUPPORT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Sharp dressed man.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SileadTouch.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SILVA-Sniper.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\simple present tense daily routines exercises worksheet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-1 (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-2.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\souvenirs.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\spelling bee word list.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\stack-mvp-membership-resources-6ae8.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\sunrise_182853.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SUPERAntiSpyware.Pro.6.0.1212.sanet.me.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\superbeam-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\swimming.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Talking together.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test 1 semester 2 grade 4-9 2016-2017 (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test 1 semester 2 grade 4-9 2016-2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test3-openrecovery-TWRP-saga-2.8.1.2-unofficial.img:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\The Middle East in Jesus Day.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\toporesize-0.7.1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\touch-driver-win8-10.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\TPDriver.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-client-3.33.1409.0.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-client-3.33.1409.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-studio-17.0.794.1.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.4.0rev2-p780row.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.7.1rev1-p780row+.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UAPM-1.41.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ubuntu-14.04.4-desktop-i386.iso.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Unconfirmed 820659.crdownload:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\unit-3.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Universal_Extractor (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Universal_Extractor (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UPDATE-SuperSU-v2.46.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UWT.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VHDTool.w32.1.0-b1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\vhdxtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\vhdxtool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WeatherMonitor.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\well dressed girl.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\What's your name.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Win.KMS.Activator.Ultimate.2016.3.0.softarchive.la.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WinDroid 7 (GGT) 09-04-2016 0-18-37.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\x-demonoidcom-x_over_70_english_grammar_and_writing_books_5100102926.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\xposed-v80-sdk22-arm64-MIUI-edition-by-SolarWarez-20160217.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\XposedInstaller_3.0_alpha4.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\[limetorrents.cc]Malwarebytes.Anti-Malware.Premium.2.1.8.1057.Multilingual...KeyGen.by.FFF.torrent:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\sony.com -> sony.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-09-12 23:18 - 2016-12-17 00:32 - 000000697 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 license.superantispyware.com
127.0.0.1 tonec.com
127.0.0.1 internetdownloadmanager.com
0.0.0.0 license.superantispyware.com
0.0.0.0 keystone.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DragonSvc => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart                                                                                                                                                                                                     
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe                                                                                                                                                                                                       
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot                                                                                                                                                                                                   
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "PowerDVD12DMREngine"
HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "MagicPlusHelper"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "GoogleDriveSync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{219A26F1-820B-49F7-B661-6C4E6944FC2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AAAA85EC-D718-47C9-879C-CDA8579CEFF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{705D0812-999F-4EF8-8025-FFA528D0E6D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{80E07C3D-27C6-47CF-8574-218C777634AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9848B36B-2273-4286-BF90-C2B5466218E2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{6F5EA031-9D3E-4CB9-8F7D-9A40E84582ED}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{87BC4FC3-2EB9-476F-9BB0-DE43EC4B3C67}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{9DAF9614-B9CF-4360-BDF7-6B2C919C1F08}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{5E34C749-0653-4A6F-A3E0-A49DEAA7974D}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{3754294B-8BC5-409F-B742-3D4DB2D82D78}] => (Allow) LPort=51001
FirewallRules: [{CE38EE3F-28BE-444A-A851-C14A7EEE0DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8A0746D9-2F0D-4D23-A0EB-85FB8C59C068}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B2529E6-9DCF-451A-B3F5-1A29AFC0D005}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2968D884-222C-4949-BA1D-5AE2871B37FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{717759C5-69C3-4E26-B94C-3195D192A090}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{79F7CDED-6AC6-4D56-A3FF-0993692193FC}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{7C74F8CF-3178-4E87-8461-C3E22F58B130}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{C5604AA7-992D-4CCB-8CEB-0F774590582D}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{85E81382-982E-4DC7-9488-F0B13DBE20CC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{0022D6B1-7412-4FA2-B941-CC9CC80AF313}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{AAF0200E-A99F-484B-88DD-31680040AB7C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{AC0B44C7-FB73-499A-A74A-537201C64AA8}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{FD1E42B2-3866-4BC7-B7CC-2E4EFA78BBAB}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{A8C5307B-204A-4D37-AB9D-B92A42C31853}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FB183F9E-6CEC-4CBF-B482-D0647D4D7F83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9E6A5106-9A61-419D-8BD2-BC947901BB3D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{56C037E2-0A93-42E4-9547-FC027885C4A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6C1857C7-8DD9-4830-A921-AB9EFE6799DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F20B86A7-CAC9-4BF8-8B0C-FF956FA04AD7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{1794799F-581F-4D42-A2EA-8107C64E181E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [UDP Query User{1D2BD891-2C37-4825-9E90-86328CF4945E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D582C995-C7C4-45BC-80B6-D9EC290B85D2}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{5C2A35BE-D115-46D0-81DE-4FDC493A134C}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D3A755B2-C040-419E-BB8D-5A0E1A85A434}] => (Allow) LPort=8080
FirewallRules: [{02FFB931-CD4D-4B17-BDA6-D75E1BB10A7E}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{27D72650-BB1A-456A-B524-C7BEAED4FAF9}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{286DC3F0-C4B8-419E-9431-C1A34A1B4656}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{8339AEBF-2F6E-4822-A7D0-9CD7FD90361B}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{60BC5D15-6BDE-48CE-A1F3-220D15C2DFDD}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6A17B749-DC74-46E5-9372-143DA0658AF0}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{D1255087-7376-482A-9997-246634CE9C89}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{3288B3B5-C77A-4E44-8B9A-3380D4679FBF}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6E2601F2-02AB-4D75-BE72-ED4D258538E9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{FEE5923B-4360-48B6-8921-ADF4A4D7FF64}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{22A4CDB9-0712-421B-A4F5-47328E5673E2}] => (Allow) LPort=7935
FirewallRules: [{6FDEC213-17B7-449F-A107-AA36C0B3CB02}] => (Allow) C:\Windows\SysWOW64\router.exe
FirewallRules: [TCP Query User{B0CA7870-EE47-4CD0-AE1D-840F0019323E}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [UDP Query User{A35E3EB5-8AE3-4C09-A4DB-024B80BCD2A4}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [TCP Query User{7294E9ED-8FF7-43D3-B62D-640521C54937}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{D1388B3A-DDC7-416E-BAB4-993690A1BF3A}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{BE2522F0-A7BC-429B-A14D-6ADF52657A8E}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CF44B602-D564-4384-B8C6-565D3BD0C9D6}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CC846382-CC29-4046-A8DB-D39D3375CC9D}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{60CB4EC5-7966-44CA-999C-4E623543290A}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{48B2E9D5-9083-4DAB-9A59-8CC242D86704}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{5E3F9622-3508-450F-9C87-5FF416430443}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{526BD3DF-653B-4ABD-93DA-0A65DCEBC387}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{11C51389-8697-4972-83E3-0DA53541B953}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{8C089F28-6842-444C-8022-39AC99CAE226}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{91A56486-9729-4326-9EFA-432BB85D8F21}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{0A90557A-DA7B-477D-B9A2-32ABC7026234}] => (Allow) LPort=17234
FirewallRules: [{F724E459-45E6-4AD0-98CB-50B4B5068122}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{0EA1ACAC-67E7-4B25-B10C-AB3D7AC8B4FB}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{7D8BFB07-6AF2-4380-8E48-FD2B18D910F6}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe
FirewallRules: [{6418B01D-8DFA-4722-8942-AF673C661486}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy
FirewallRules: [{592A0725-5F25-40EF-9DB3-7C6E823657E0}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{7109E65B-E4A1-4B09-8A8C-C7A4D7C00EA1}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{02FE2634-D65F-4430-B855-A78C6BAE88FD}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{D8BE8888-629A-4AFA-B6E0-75E40B4E3F23}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{8AE424B6-BFB7-455B-AE17-5D821A455C6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EC9EB48D-E841-4687-B421-45BCD07D0EC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A3BF257-E86D-4A8D-945A-F475DAF09348}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe
FirewallRules: [{A519E786-F885-47A0-AC8C-2AA235288156}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy
FirewallRules: [{F6C97284-8D40-4FC7-BC40-75B818AA48DA}] => (Allow) LPort=8080
FirewallRules: [{D1D458A2-2D9D-4467-B5AD-6FBE36B636DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-05-2018 14:53:23 Buddy safe
04-05-2018 16:34:55 Windows Backup
07-05-2018 23:50:06 Removed Java SE Development Kit 7 Update 75 (64-bit)
08-05-2018 00:06:31 Removed Java 8 Update 171
08-05-2018 00:24:50 Removed Java 8 Update 171 (64-bit)
08-05-2018 00:26:05 Removed Microsoft Silverlight
09-05-2018 15:50:55 Removed Bonjour
09-05-2018 19:44:45 Removed VMware Workstation
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/10/2018 01:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (05/10/2018 12:56:34 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (05/10/2018 12:36:48 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 5812.5 MB
Available physical RAM: 2775.73 MB
Total Virtual: 11952.71 MB
Available Virtual: 8449.58 MB
 
==================== Drives ================================
 
Drive c: (Disk4) (Fixed) (Total:529.09 GB) (Free:229.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Disk2) (Fixed) (Total:402.32 GB) (Free:168.33 GB) NTFS
 
\\?\Volume{05205e46-78e8-11e3-9a7e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 01C54DC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=402.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=529.1 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================

  • 0



#17
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

http://www.hddstatus...cation=75D8F0D1


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

BF
Attribute name: G-sense error rate
Real value: 1,137
Current: 100
Worst: 100
Threshold: 0
Raw Value: 0000000471
Status: Good

 

 

G-sense parameter is very high which is why it looks like it might have been dropped.  Drive appears to be rather old and has a lot of cycles on it:

 

C1
Attribute name: Load/Unload Cycle Count
Real value: 324,508
Current: 68
Worst: 68
Threshold: 0
Raw Value: 000004F39C
Status: Good

 

 

so it may just be getting a bit odd.

 

C5
Attribute name: Current Pending Sector Count
Real value: 12,912
Current: 100
Worst: 100
Threshold: 0
Raw Value: 0000003270
Status: Good

 

 

Pending sector count is what really looks bad.  I was hoping speedfan would give us a second opinion on that too as I have never seen one that is still working with that high a value.  I'm working on one now with only a value of 71 and it has problems booting.

 

Go back into speedfan and do the S.M.A.R.T tab stuff so we get a second opinion on the drive:

 

 

Click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform an In-depth Online Analysis of this hard disk.  Your browser will open.

At the bottom of the new page will be a line:  

The link to get back and see a new report about this hard disk in the future is this.

Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).

Temps are higher than I would like.

When your friend replaced the fan did he perhaps unscrew the heatsink/heat pipe?  If so that might explain the high temps or he might just have forgotten to clean the heatsink.  If the heatsink was disturbed it needs to be cleaned and the thermal paste replaced.

 

It's odd that speedfan doesn't see the fan.  Usually there is a section on the left that shows the fan speed.  Perhaps Speedfan doesn't fully understand this PC.  This is what I expect to see (from my desktop PC so it's going to be a bit different anyway)

 

 

How is it booting now?  Is it any better?


  • 0

#19
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

The reboot speed is back up to where I would expect, about 5-10 seconds. I pray over my stuff (maybe why it lasts so long) and often that keeps it running. This drive is about 5 years old now. It's more than 4 I'm sure. My friend cleaned it, but I have no clue what he did or didn't do with the inner parts. It was done in his shop while I was at work. I'm trying to get a read/write surface scan tool, as the speed fan suggested it. Do you know of one that may work?


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Looks like I missed your Speedfan HD report.  Speedfan agrees the drive is dying. 

 

Short term, back up everything you don't want to lose, then buy a new drive, preferably a Western Digital Black (they really do seem to be better and last longer).
Amazon has one that will work for about $70:
WD Black 1TB Performance Mobile Hard Disk Drive - 7200 RPM SATA 6 Gb/s 32MB Cache 9.5 MM 2.5 Inch - WD10JPLX
by Western Digital
$64.99


and a USB to SATA adapter

Amazon has lots.  Here is one for $12

StarTech USB 3.0 to 2.5" SATA III Hard Drive Adapter Cable w/ UASP - SATA to USB 3.0 Converter for SSD/HDD - Hard Drive Adapter Cable

and clone the drive.  You can use the program from your new hard drive or you can use one of the free ones:

http://www.techrepub...-cloning-tools/

http://www.backup-ut...e-software.html

Some of them require you to boot from a CD or USB drive (it's faster that way) but others like Macrium Reflect Free Edition

http://www.macrium.c...eflectfree.aspx

can clone from within Windows.

You plug the new drive into the USB adapter and the adapter into your PC's USB jack.  Run the cloning software.  (Make sure you know the source drive is the old drive and the destination is the new.)

Once the cloning software finishes you shut it down, use a small Phillips screwdriver to remove the 2 screws that hold the cover on the drive, remove the screws (may be 2 more screws).  Often the drive is in a carrier so you need to remove 4 more screws.  Keep the screws separate since they may be different sizes.  Remove the old drive, install the new.  Boot up and run Speccy to make sure that the new drive is clean.


 


  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I was hoping the drive test from HGST I mentioned earlier would do that.


  • 0

#22
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

http://www.hddstatus...cation=3EE6F8C1


  • 0

#23
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

http://www.hddstatus...cation=3EE6F8C1

The fan is running faster now.


  • 0

#24
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

The windft app won't work. It just shows a blank ui.


  • 0

#25
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

How about this https://www.bukalapa...ASABEgLuz_D_BwE

Do you think that would fit my system?


  • 0



#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Looks like it's a solid state drive.  It might fit but usually you need to reload the operating system from scratch.  There are a couple of cloning programs that claim to be able to clone from a standard hard drive to an SSD but I've never tried them.  Nice price tho.


  • 1

#27
Supermatt01

Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

I'm looking into getting a replacement now. I think that is the best option. I want to find a 2tb drive if possible. Thanks for all your help. I think it is in a stable enough condition to transfer my data and get this sick computer well again. Thank you again. 


  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Time to clean up:
If we used FRST to clean your PC:

Right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK. Close program.  It's the same for Foxit Reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox
Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.

If you use Facebook you need FB Purity: http://www.fbpurity.com/
To prevent a relatively new phishing attack:  In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
"network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

To test it you can go to:

https://www.xn--80ak6aa92e.com/

If the value is false you will see https://www.apple.com instead of the correct value.


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:

CryptoPrevent
http://www.majorgeek...ptoprevent.html

The free version. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!
 


  • 0
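
Added example (not part of the original post): the punycode test URL in the post above, decoded offline to show what the address bar renders when `network.IDN_show_punycode` is left at false. The `LOOKALIKES` map is a small hand-picked table constructed for this example, not a complete confusables list, and the function names are hypothetical.

```python
import unicodedata

# Partial, hand-picked map of Cyrillic letters that render like Latin ones
# (constructed for this example; not a complete confusables table).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l",
    "\u0456": "i", "\u0455": "s",
}

def decode_label(label):
    """Return the Unicode form of one DNS label ('xn--' marks punycode)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].lower().encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: show it as typed
    return label

def inspect_host(host):
    """Decode each label of host and describe those hiding non-ASCII text."""
    findings = []
    for label in host.rstrip(".").split("."):
        shown = decode_label(label)
        if shown.isascii():
            continue  # plain ASCII label, nothing hidden
        findings.append({
            "punycode": label,
            "displayed": shown,
            # What a reader believes the label says
            "reads_as": "".join(LOOKALIKES.get(ch, ch) for ch in shown),
            "chars": [unicodedata.name(ch, "UNKNOWN") for ch in shown],
        })
    return findings

if __name__ == "__main__":
    # Hosts taken from the post: the test URL and the name it imitates.
    for host in ("www.xn--80ak6aa92e.com", "www.apple.com"):
        hits = inspect_host(host)
        print(host, "->", "no hidden characters" if not hits else "")
        for hit in hits:
            print("  label", hit["punycode"], "reads as", repr(hit["reads_as"]))
            for name in hit["chars"]:
                print("    ", name)
```
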





